Optimization and abstraction: a synergistic approach for analyzing neural network robustness

Anderson, Greg; Pailoor, Shankara; Dillig, Işıl; Chaudhuri, Swarat

doi:10.1145/3314221.3314614

Cited by 90 publications

(80 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For the "open-loop" verification problem (verification of DNNs), many efficient techniques have been proposed, such as SMT-based methods [22,23,30], mixed-integer linear programming methods [14,24,28], setbased methods [4,17,32,33,48,50,53,57], and optimization methods [51,58]. For the "closed-loop" verification problem (NCCS verification), we note that the Verisig approach [20] is efficient for NNCS with nonlinear plants and with Sigmoid and Tanh activation functions.…”

Section: Related Workmentioning

confidence: 99%

NNV: The Neural Network Verification Tool for Deep Neural Networks and Learning-Enabled Cyber-Physical Systems

Tran

Yang

Lopez

et al. 2020

Lecture Notes in Computer Science

191

141

View full text Add to dashboard Cite

This paper presents the Neural Network Verification (NNV) software tool, a set-based verification framework for deep neural networks (DNNs) and learning-enabled cyber-physical systems (CPS). The crux of NNV is a collection of reachability algorithms that make use of a variety of set representations, such as polyhedra, star sets, zonotopes, and abstract-domain representations. NNV supports both exact (sound and complete) and over-approximate (sound) reachability algorithms for verifying safety and robustness properties of feed-forward neural networks (FFNNs) with various activation functions. For learning-enabled CPS, such as closed-loop control systems incorporating neural networks, NNV provides exact and over-approximate reachability analysis schemes for linear plant models and FFNN controllers with piecewise-linear activation functions, such as ReLUs. For similar neural network control systems (NNCS) that instead have nonlinear plant models, NNV supports overapproximate analysis by combining the star set analysis used for FFNN controllers with zonotope-based analysis for nonlinear plant dynamics building on CORA. We evaluate NNV using two real-world case studies: the first is safety verification of ACAS Xu networks, and the second deals with the safety verification of a deep learning-based adaptive cruise control system.

show abstract

Section: Related Workmentioning

confidence: 99%

NNV: The Neural Network Verification Tool for Deep Neural Networks and Learning-Enabled Cyber-Physical Systems

Tran

Yang

Lopez

et al. 2020

Lecture Notes in Computer Science

191

141

View full text Add to dashboard Cite

show abstract

“…A classifier is stable for some (typically very small) perturbation of its input samples which represents an adversarial attack when it assigns the same class to all the samples within that perturbation, so that impercetible malicious alterations of input objects should not deceive a stable classifier. Formal verification methods for neural networks may rely on a number of different techniques: linear approximation of functions (Weng et al 2018;Zhang et al 2018), semidefinite relaxations (Raghunathan, Steinhardt, and Liang 2018), logical SMT solvers (Huang et al 2017;Katz et al 2017), symbolic interval propagation (Wang et al 2018a), abstract interpretation (Gehr et al 2018;Singh et al 2018; or hybrid synergistic approaches (Anderson et al 2019;Wang et al 2018b). Abstract interpretation (Cousot and Cousot 1977) is a de facto standard technique used since forty years for designing static analysers and verifiers of programming languages.…”

Section: Introductionmentioning

confidence: 99%

Abstract Interpretation of Decision Tree Ensemble Classifiers

Ranzato

Zanella

2020

AAAI

View full text Add to dashboard Cite

We study the problem of formally and automatically verifying robustness properties of decision tree ensemble classifiers such as random forests and gradient boosted decision tree models. A recent stream of works showed how abstract interpretation, which is ubiquitously used in static program analysis, can be successfully deployed to formally verify (deep) neural networks. In this work we push forward this line of research by designing a general and principled abstract interpretation-based framework for the formal verification of robustness and stability properties of decision tree ensemble models. Our abstract interpretation-based method may induce complete robustness checks of standard adversarial perturbations and output concrete adversarial attacks. We implemented our abstract verification technique in a tool called silva, which leverages an abstract domain of not necessarily closed real hyperrectangles and is instantiated to verify random forests and gradient boosted decision trees. Our experimental evaluation on the MNIST dataset shows that silva provides a precise and efficient tool which advances the current state of the art in tree ensembles verification.

show abstract

“…A wide spectrum of studies has been performed, and those include the generation of the adversarial examples [4,8,16,22,23,26,36] and crafting defense [4,10,11,21,28,34,35,42] against such synthetic attacks. Also, studying DNN models as software and utilizing SE techniques have been proven to be useful to validate and test the DNN model [2,15,17,24,27,39,40].…”

Section: Study On the Robustness Propertymentioning

confidence: 99%

Does fixing bug increase robustness in deep learning?

Pan

2020

Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering: Companion Proceedings

View full text Add to dashboard Cite

Deep Learning (DL) based systems are utilized vastly. Developers update the code to fix the bugs in the system. How these code fixing techniques impacts the robustness of these systems has not been clear. Does fixing code increase the robustness? Do they deteriorate the learning capability of the DL based systems? To answer these questions, we studied 321 Stack Overflow posts based on a published dataset. In this study, we built a classification scheme to analyze how bug-fixes changed the robustness of the DL model and found that most of the bug-fixes can increase the robustness. We also found evidence of bug-fixing that decrease the robustness. Our preliminary result suggests that 12.5% and 2.4% of the bug-fixes in Stack Overflow posts caused the increase and the decrease of the robustness of DL models, respectively. CCS CONCEPTS • Software and its engineering → Software defect analysis; • Computing methodologies → Machine learning;

show abstract

Optimization and abstraction: a synergistic approach for analyzing neural network robustness

Cited by 90 publications

References 42 publications

NNV: The Neural Network Verification Tool for Deep Neural Networks and Learning-Enabled Cyber-Physical Systems

NNV: The Neural Network Verification Tool for Deep Neural Networks and Learning-Enabled Cyber-Physical Systems

Abstract Interpretation of Decision Tree Ensemble Classifiers

Does fixing bug increase robustness in deep learning?

Contact Info

Product

Resources

About