DiffRNN: Differential Verification of Recurrent Neural Networks

Mohammadinejad, Sara; Paulsen, Brandon; Deshmukh, Jyotirmoy V.; Wang, Chao

doi:10.1007/978-3-030-85037-1_8

Cited by 11 publications

(4 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We leave as future work a further investigation of variations of ADMM that can improve convergence rates in deep learning-sized problem instances, as well as extensions beyond the LP setting. Furthermore, it would be interesting to extend the proposed method to verification of recurrent neural neworks (RNNs) such as vanilla RNNs, LSTMs 9 , and GRUs 10 [46], [47], [48]. where T f (x) ∈ ∂f (x) denotes a subgradient.…”

Section: Discussionmentioning

confidence: 99%

DeepSplit: Scalable Verification of Deep Neural Networks via Operator Splitting

Chen

Wong

Kolter

et al. 2022

IEEE Open J. Control. Syst.

View full text Add to dashboard Cite

Analyzing the worst-case performance of deep neural networks against input perturbations amounts to solving a large-scale non-convex optimization problem, for which several past works have proposed convex relaxations as a promising alternative. However, even for reasonably-sized neural networks, these relaxations are not tractable, and so must be replaced by even weaker relaxations in practice. In this work, we propose a novel operator splitting method that can directly solve a convex relaxation of the problem to high accuracy, by splitting it into smaller sub-problems that often have analytical solutions. The method is modular, scales to very large problem instances, and compromises of operations that are amenable to fast parallelization with GPU acceleration. We demonstrate our method in bounding the worst-case performance of large convolutional networks in image classification and reinforcement learning settings, and in reachability analysis of neural network dynamical systems.

show abstract

Section: Discussionmentioning

confidence: 99%

DeepSplit: Scalable Verification of Deep Neural Networks via Operator Splitting

Chen

Wong

Kolter

et al. 2022

IEEE Open J. Control. Syst.

View full text Add to dashboard Cite

show abstract

“…At a higher level, our method for using over-approximate analysis to narrow down the search space is analogous to static analysis techniques based on abstract interpretation [11], which have been used to verify properties of both software programs [28,48,53] and machine learning models [40][41][42], including robustness to data bias [37] and individual fairness [32]. Furthermore, our method for detecting robustness violations is analogous to techniques used in bug-finding tools based on program verification and state space reduction [5,27].…”

Section: Related Workmentioning

confidence: 99%

Systematic Testing of the Data-Poisoning Robustness of KNN

Wang

2023

Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis

View full text Add to dashboard Cite

Data poisoning aims to compromise a machine learning based software component by contaminating its training set to change its prediction results for test inputs. Existing methods for deciding data-poisoning robustness have either poor accuracy or long running time and, more importantly, they can only certify some of the truly-robust cases, but remain inconclusive when certification fails. In other words, they cannot falsify the truly-non-robust cases. To overcome this limitation, we propose a systematic testing based method, which can falsify as well as certify data-poisoning robustness for a widely used supervised-learning technique named 𝑘-nearest neighbors (KNN). Our method is faster and more accurate than the baseline enumeration method, due to a novel overapproximate analysis in the abstract domain, to quickly narrow down the search space, and systematic testing in the concrete domain, to find the actual violations. We have evaluated our method on a set of supervised-learning datasets. Our results show that the method significantly outperforms state-of-the-art techniques, and can decide data-poisoning robustness of KNN prediction results for most of the test inputs. CCS CONCEPTS• Software and its engineering → Formal software verification; • Security and privacy → Logic and verification; • Computing methodologies → Supervised learning.

show abstract

“…Instead, they are more closely related to techniques for verifying/certifying robustness [8], noninterference [5], and sidechannel security [19,39,40,48], where a program is executed multiple times, each time for a different input drawn from a large (and sometimes infinite) set, to see if they all agree on the output. At a high level, this is closely related to differential verification [28,31,32], synthesis of relational invariants [41] and verification of hyper-properties [15,35].…”

Section: Related Workmentioning

confidence: 99%

Certifying the Fairness of KNN in the Presence of Dataset Bias

Wang

2023

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We propose a method for certifying the fairness of the classification result of a widely used supervised learning algorithm, the k-nearest neighbors (KNN), under the assumption that the training data may have historical bias caused by systematic mislabeling of samples from a protected minority group. To the best of our knowledge, this is the first certification method for KNN based on three variants of the fairness definition: individual fairness, $$\epsilon $$ ϵ -fairness, and label-flipping fairness. We first define the fairness certification problem for KNN and then propose sound approximations of the complex arithmetic computations used in the state-of-the-art KNN algorithm. This is meant to lift the computation results from the concrete domain to an abstract domain, to reduce the computational cost. We show effectiveness of this abstract interpretation based technique through experimental evaluation on six datasets widely used in the fairness research literature. We also show that the method is accurate enough to obtain fairness certifications for a large number of test inputs, despite the presence of historical bias in the datasets.

show abstract

DiffRNN: Differential Verification of Recurrent Neural Networks

Cited by 11 publications

References 40 publications

DeepSplit: Scalable Verification of Deep Neural Networks via Operator Splitting

DeepSplit: Scalable Verification of Deep Neural Networks via Operator Splitting

Systematic Testing of the Data-Poisoning Robustness of KNN

Certifying the Fairness of KNN in the Presence of Dataset Bias

Contact Info

Product

Resources

About