Semantic Adversarial Deep Learning

Dreossi, Tommaso; Jha, Somesh; Seshia, Sanjit A.

doi:10.1007/978-3-319-96145-3_1

Cited by 52 publications

(58 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To deal with the lack of specification for perception components, VERIFAI analyzes them in the context of a closedloop system using a system-level specification. Moreover, to scale to complex highdimensional feature spaces, VERIFAI operates on an abstract feature space (or semantic feature space) [8] that describes semantic aspects of the environment being perceived, not the raw features such as pixels. • Learning: VERIFAI aims to not only analyze the behavior of ML components but also use formal methods for their (re-)design.…”

Section: Introductionmentioning

confidence: 99%

VerifAI: A Toolkit for the Formal Design and Analysis of Artificial Intelligence-Based Systems

Dreossi

Fremont

Ghosh

et al. 2019

Lecture Notes in Computer Science

Self Cite

176

127

View full text Add to dashboard Cite

We present VERIFAI, a software toolkit for the formal design and analysis of systems that include artificial intelligence (AI) and machine learning (ML) components. VERIFAI particularly seeks to address challenges with applying formal methods to perception and ML components, including those based on neural networks, and to model and analyze system behavior in the presence of environment uncertainty. We describe the initial version of VERIFAI which centers on simulation guided by formal models and specifications. Several use cases are illustrated with examples, including temporal-logic falsification, model-based systematic fuzz testing, parameter synthesis, counterexample analysis, and data set augmentation.

show abstract

Section: Introductionmentioning

confidence: 99%

VerifAI: A Toolkit for the Formal Design and Analysis of Artificial Intelligence-Based Systems

Dreossi

Fremont

Ghosh

et al. 2019

Lecture Notes in Computer Science

Self Cite

176

127

View full text Add to dashboard Cite

show abstract

“…All of the aforementioned methods deal with the verification and testing of NNs at the component level; however, our work targets the NN testing problem at the system level. The line of research that is the closest in spirit to our work is [7,6,8]. The procedure described in [7,6,8] analyzes the performance of the perception system using static images to identify candidate counterexamples, which they then check using simulations of the closed-loop behaviors to determine whether the system exhibits unsafe behaviors.…”

Section: Related Workmentioning

confidence: 99%

Simulation-based Adversarial Test Generation for Autonomous Vehicles with Machine Learning Components

Tuncali¹,

Fainekos

Ito³

et al. 2018

2018 IEEE Intelligent Vehicles Symposium (IV)

185

105

View full text Add to dashboard Cite

Many organizations are developing autonomous driving systems, which are expected to be deployed at a large scale in the near future. Despite this, there is a lack of agreement on appropriate methods to test, debug, and certify the performance of these systems. One of the main challenges is that many autonomous driving systems have machine learning components, such as deep neural networks, for which formal properties are difficult to characterize. We present a testing framework that is compatible with test case generation and automatic falsification methods, which are used to evaluate cyber-physical systems. We demonstrate how the framework can be used to evaluate closed-loop properties of an autonomous driving system model that includes the ML components, all within a virtual environment. We demonstrate how to use test case generation methods, such as covering arrays, as well as requirement falsification methods to automatically identify problematic test scenarios. The resulting framework can be used to increase the reliability of autonomous driving systems.

show abstract

“…Studies show that adding stickers to a stop sign in carefully positioned ways can result in the classification model to misidentify the stop sign to be a speed-limit sign. However, existing investigations on adversarial examples still focus on classification errors associated with static images and are conducted in limited experimental environments [3], [5], [11]. Research considering the learning model in a dynamic system setting, like on autonomous vehicles in the real world is sparse [12].…”

Section: B Attacks On Deep Learning For Perception and Controlmentioning

confidence: 99%

“…Despite the success of deep learning in enabling greater autonomy, a number of parallel efforts also exhibited concerning fragility of these approaches to small adversarial perturbations of inputs, such as images [4], [5]. Moreover, Fig.…”

Section: Introductionmentioning

confidence: 99%

Simple Physical Adversarial Examples against End-to-End Autonomous Driving Models

Boloor

Gill

et al. 2019

2019 IEEE International Conference on Embedded Software and Systems (ICESS)

View full text Add to dashboard Cite

Recent advances in machine learning, especially techniques such as deep neural networks, are promoting a range of high-stakes applications, including autonomous driving, which often relies on deep learning for perception. While deep learning for perception has been shown to be vulnerable to a host of subtle adversarial manipulations of images, end-toend demonstrations of successful attacks, which manipulate the physical environment and result in physical consequences, are scarce. Moreover, attacks typically involve carefully constructed adversarial examples at the level of pixels. We demonstrate the first end-to-end attacks on autonomous driving in simulation, using simple physically realizable attacks: the painting of black lines on the road. These attacks target deep neural network models for end-to-end autonomous driving control. A systematic investigation shows that such attacks are surprisingly easy to engineer, and we describe scenarios (e.g., right turns) in which they are highly effective, and others that are less vulnerable (e.g., driving straight). Further, we use network deconvolution to demonstrate that the attacks succeed by inducing activation patterns similar to entirely different scenarios used in training.

show abstract

Semantic Adversarial Deep Learning

Cited by 52 publications

References 30 publications

VerifAI: A Toolkit for the Formal Design and Analysis of Artificial Intelligence-Based Systems

VerifAI: A Toolkit for the Formal Design and Analysis of Artificial Intelligence-Based Systems

Simulation-based Adversarial Test Generation for Autonomous Vehicles with Machine Learning Components

Simple Physical Adversarial Examples against End-to-End Autonomous Driving Models

Contact Info

Product

Resources

About