Fuzzing Deep Learning Models against Natural Robustness with Filter Coverage

Wei, Zhengyuan; Chan, Wing Man

doi:10.1109/qrs54544.2021.00071

Cited by 5 publications

(3 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that a weight parametrization similar to (3.15) was used in [56] for computing lower and upper bounds on the output of a deep equilibrium layer, but in this article W − i has negative values.…”

Section: (V) Ifmentioning

confidence: 99%

ABBA Neural Networks: Coping with Positivity, Expressivity, and Robustness

Neacşu,

Pesquet,

Vasilescu

et al. 2024

SIAM Journal on Mathematics of Data Science

View full text Add to dashboard Cite

We introduce ABBA networks, a novel class of (almost) non-negative neural networks, which are shown to possess a series of appealing properties. In particular, we demonstrate that these networks are universal approximators while enjoying the advantages of non-negative weighted networks. We derive tight Lipschitz bounds both in the fully connected and convolutional cases. We propose a strategy for designing ABBA nets that are robust against adversarial attacks, by finely controlling the Lipschitz constant of the network during the training phase. We show that our method outperforms other state-of-the-art defenses against adversarial white-box attackers. Experiments are performed on image classification tasks on four benchmark datasets.

show abstract

Section: (V) Ifmentioning

confidence: 99%

ABBA Neural Networks: Coping with Positivity, Expressivity, and Robustness

Neacşu,

Pesquet,

Vasilescu

et al. 2024

SIAM Journal on Mathematics of Data Science

View full text Add to dashboard Cite

show abstract

“…If so, can we fundamentally mitigate this issue? Wei and Kolter (2021) showed that DEQ models are also vulnerable to adversarial examples and considered ℓ ∞ certified robustness for DEQ models. They presented IBP-MonDEQ, a modification of monotone deep equilibrium layers that allows for the computation of lower and upper bounds on its output via interval bound propagation.…”

Section: Introductionmentioning

confidence: 99%

“…In this paper, we present a novel approach for improving the robustness of DEQ models through provable stability guaranteed by the Lyapunov theory. Unlike existing methods that rely on certified training or adversarial training (Wei and Kolter 2021;Li, Wang, and Lin 2022;Yang, Pang, and Liu 2022;Yang et al 2023), our approach treats the DEQ model as a nonlinear dynamic system and ensures that its fixed points are Lyapunov-stable, thereby keeping the perturbed fixed point within the same stable neighborhood as the unperturbed point and preventing successful adversarial attacks. Specially, we ensure the robustness of the DEQ model by jointly learning a convex positive definite Lyapunov function along with dynamics constrained to be stable according to these dynamics everywhere in the state space.…”

Section: Introductionmentioning

confidence: 99%

Lyapunov-Stable Deep Equilibrium Models

Chu,

Wei,

Liu

et al. 2024

AAAI

View full text Add to dashboard Cite

Deep equilibrium (DEQ) models have emerged as a promising class of implicit layer models, which abandon traditional depth by solving for the fixed points of a single nonlinear layer. Despite their success, the stability of the fixed points for these models remains poorly understood. By considering DEQ models as nonlinear dynamic systems, we propose a robust DEQ model named LyaDEQ with guaranteed provable stability via Lyapunov theory. The crux of our method is ensuring the Lyapunov stability of the DEQ model's fixed points, which enables the proposed model to resist minor initial perturbations. To avoid poor adversarial defense due to Lyapunov-stable fixed points being located near each other, we orthogonalize the layers after the Lyapunov stability module to separate different fixed points. We evaluate LyaDEQ models under well-known adversarial attacks, and experimental results demonstrate significant improvement in robustness. Furthermore, we show that the LyaDEQ model can be combined with other defense methods, such as adversarial training, to achieve even better adversarial robustness.

show abstract

Selection of test samples to improve DNN test efficiency based on neuron clusters

Lee,

Chae

2024

Neural Comput & Applic

View full text Add to dashboard Cite

Fuzzing Deep Learning Models against Natural Robustness with Filter Coverage

Cited by 5 publications

References 31 publications

ABBA Neural Networks: Coping with Positivity, Expressivity, and Robustness

ABBA Neural Networks: Coping with Positivity, Expressivity, and Robustness

Lyapunov-Stable Deep Equilibrium Models

Selection of test samples to improve DNN test efficiency based on neuron clusters

Contact Info

Product

Resources

About