ε-weakened Robustness of Deep Neural Networks

Huang, Pei; Yang, Yuting; Liu, Minghao; Jia, Fuqi; Ma, Feifei; Jian, Zhang

doi:10.48550/arxiv.2110.15764

Cited by 1 publication

(1 citation statement)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most of them provide sound DNN robustness estimation in the form of a norm ball, but typically for very small networks or with pessimistic estimation of the norm ball radius. By contrast, statistical methods [5,6,11,28,44,74,75,78] are more efficient and scalable when the structure of DNNs is complex. The primary difference between these methods and DeepPAC is that our method is model-based and thus more accurate.…”

Section: Related Workmentioning

confidence: 99%

Towards practical robustness analysis for DNNs based on PAC-model learning

Yang²,

Huang³

et al. 2022

Proceedings of the 44th International Conference on Software Engineering

View full text Add to dashboard Cite

To analyse local robustness properties of deep neural networks (DNNs), we present a practical framework from a model learning perspective. Based on black-box model learning with scenario optimisation, we abstract the local behaviour of a DNN via an affine model with the probably approximately correct (PAC) guarantee. From the learned model, we can infer the corresponding PAC-model robustness property. The innovation of our work is the integration of model learning into PAC robustness analysis: that is, we construct a PAC guarantee on the model level instead of sample distribution, which induces a more faithful and accurate robustness evaluation. This is in contrast to existing statistical methods without model learning. We implement our method in a prototypical tool named DeepPAC. As a black-box method, DeepPAC is scalable and efficient, especially when DNNs have complex structures or high-dimensional inputs. We extensively evaluate DeepPAC, with 4 baselines (using formal verification, statistical methods, testing and adversarial attack) and 20 DNN models across 3 datasets, including MNIST, CIFAR-10, and ImageNet. It is shown that DeepPAC outperforms the state-of-the-art statistical method PROVERO, and it achieves more practical robustness analysis than the formal verification tool ERAN. Also, its results are consistent with existing DNN testing work like DeepGini. CCS CONCEPTS• Security and privacy → Software and application security;• Computing methodologies → Artificial intelligence.

show abstract