Eager Falsification for Accelerating Robustness Verification of Deep Neural Networks

Xingwu Guo; Wenjie Wan; Zhaodi Zhang; Min Zhang; Fu Song; Xuejun Wen

doi:10.1109/ISSRE52982.2021.00044

Eager Falsification for Accelerating Robustness Verification of Deep Neural Networks

Xingwu Guo
, Wenjie Wan
, Zhaodi Zhang
, Min Zhang^*
, Fu Song
, Xuejun Wen

^*Corresponding author for this work

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

15 Scopus citations

Abstract

Formal robustness verification of deep neural networks (DNNs) is a promising approach for achieving a provable reliability guarantee to AI-enabled software systems. Limited scalability is one of the main obstacles to the verification problem. In this paper, we propose eager falsification to accelerate the robustness verification of DNNs. It divides the verification problem into a set of independent subproblems and solves them in descending order of their falsification probabilities. Once a subproblem is falsified, the verification terminates with a conclusion that the network is not robust. We introduce a notion of label affinity to measure the falsification probability and present an approach to computing the probability based on symbolic interval propagation. Our approach is orthogonal to existing verification techniques. We integrate it into four state-of-the-art verification tools, i.e., MIPVerify, Neurify, DeepZ, and DeepPoly, and conduct extensive experiments on 8 benchmark datasets. The experimental results show that our approach can significantly improve these tools by up to 200x speedup when the perturbation distance is in a reasonable range.

Original language	English
Title of host publication	Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021
Editors	Zhi Jin, Xuandong Li, Jianwen Xiang, Leonardo Mariani, Ting Liu, Xiao Yu, Nahgmeh Ivaki
Publisher	IEEE Computer Society
Pages	345-356
Number of pages	12
ISBN (Electronic)	9781665425872
DOIs	https://doi.org/10.1109/ISSRE52982.2021.00044
State	Published - 2021
Event	32nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2021 - Wuhan, China Duration: 25 Oct 2021 → 28 Oct 2021

Publication series

Name	Proceedings - International Symposium on Software Reliability Engineering, ISSRE
Volume	2021-October
ISSN (Print)	1071-9458

Conference

Conference	32nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2021
Country/Territory	China
City	Wuhan
Period	25/10/21 → 28/10/21

Keywords

Adversarial example
Deep neural network
Robustness verification
Scalability

Access to Document

10.1109/ISSRE52982.2021.00044

Cite this

Guo, X., Wan, W., Zhang, Z., Zhang, M., Song, F., & Wen, X. (2021). Eager Falsification for Accelerating Robustness Verification of Deep Neural Networks. In Z. Jin, X. Li, J. Xiang, L. Mariani, T. Liu, X. Yu, & N. Ivaki (Eds.), Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021 (pp. 345-356). (Proceedings - International Symposium on Software Reliability Engineering, ISSRE; Vol. 2021-October). IEEE Computer Society. https://doi.org/10.1109/ISSRE52982.2021.00044

Guo, Xingwu ; Wan, Wenjie ; Zhang, Zhaodi et al. / Eager Falsification for Accelerating Robustness Verification of Deep Neural Networks. Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021. editor / Zhi Jin ; Xuandong Li ; Jianwen Xiang ; Leonardo Mariani ; Ting Liu ; Xiao Yu ; Nahgmeh Ivaki. IEEE Computer Society, 2021. pp. 345-356 (Proceedings - International Symposium on Software Reliability Engineering, ISSRE).

@inproceedings{ed9559d864304f418c398595cf4a4c82,

title = "Eager Falsification for Accelerating Robustness Verification of Deep Neural Networks",

abstract = "Formal robustness verification of deep neural networks (DNNs) is a promising approach for achieving a provable reliability guarantee to AI-enabled software systems. Limited scalability is one of the main obstacles to the verification problem. In this paper, we propose eager falsification to accelerate the robustness verification of DNNs. It divides the verification problem into a set of independent subproblems and solves them in descending order of their falsification probabilities. Once a subproblem is falsified, the verification terminates with a conclusion that the network is not robust. We introduce a notion of label affinity to measure the falsification probability and present an approach to computing the probability based on symbolic interval propagation. Our approach is orthogonal to existing verification techniques. We integrate it into four state-of-the-art verification tools, i.e., MIPVerify, Neurify, DeepZ, and DeepPoly, and conduct extensive experiments on 8 benchmark datasets. The experimental results show that our approach can significantly improve these tools by up to 200x speedup when the perturbation distance is in a reasonable range.",

keywords = "Adversarial example, Deep neural network, Robustness verification, Scalability",

author = "Xingwu Guo and Wenjie Wan and Zhaodi Zhang and Min Zhang and Fu Song and Xuejun Wen",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 32nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2021 ; Conference date: 25-10-2021 Through 28-10-2021",

year = "2021",

doi = "10.1109/ISSRE52982.2021.00044",

language = "英语",

series = "Proceedings - International Symposium on Software Reliability Engineering, ISSRE",

publisher = "IEEE Computer Society",

pages = "345--356",

editor = "Zhi Jin and Xuandong Li and Jianwen Xiang and Leonardo Mariani and Ting Liu and Xiao Yu and Nahgmeh Ivaki",

booktitle = "Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021",

address = "美国",

}

Guo, X, Wan, W, Zhang, Z, Zhang, M, Song, F & Wen, X 2021, Eager Falsification for Accelerating Robustness Verification of Deep Neural Networks. in Z Jin, X Li, J Xiang, L Mariani, T Liu, X Yu & N Ivaki (eds), Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021. Proceedings - International Symposium on Software Reliability Engineering, ISSRE, vol. 2021-October, IEEE Computer Society, pp. 345-356, 32nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2021, Wuhan, China, 25/10/21. https://doi.org/10.1109/ISSRE52982.2021.00044

Eager Falsification for Accelerating Robustness Verification of Deep Neural Networks. / Guo, Xingwu; Wan, Wenjie; Zhang, Zhaodi et al.
Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021. ed. / Zhi Jin; Xuandong Li; Jianwen Xiang; Leonardo Mariani; Ting Liu; Xiao Yu; Nahgmeh Ivaki. IEEE Computer Society, 2021. p. 345-356 (Proceedings - International Symposium on Software Reliability Engineering, ISSRE; Vol. 2021-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Eager Falsification for Accelerating Robustness Verification of Deep Neural Networks

AU - Guo, Xingwu

AU - Wan, Wenjie

AU - Zhang, Zhaodi

AU - Zhang, Min

AU - Song, Fu

AU - Wen, Xuejun

PY - 2021

Y1 - 2021

N2 - Formal robustness verification of deep neural networks (DNNs) is a promising approach for achieving a provable reliability guarantee to AI-enabled software systems. Limited scalability is one of the main obstacles to the verification problem. In this paper, we propose eager falsification to accelerate the robustness verification of DNNs. It divides the verification problem into a set of independent subproblems and solves them in descending order of their falsification probabilities. Once a subproblem is falsified, the verification terminates with a conclusion that the network is not robust. We introduce a notion of label affinity to measure the falsification probability and present an approach to computing the probability based on symbolic interval propagation. Our approach is orthogonal to existing verification techniques. We integrate it into four state-of-the-art verification tools, i.e., MIPVerify, Neurify, DeepZ, and DeepPoly, and conduct extensive experiments on 8 benchmark datasets. The experimental results show that our approach can significantly improve these tools by up to 200x speedup when the perturbation distance is in a reasonable range.

AB - Formal robustness verification of deep neural networks (DNNs) is a promising approach for achieving a provable reliability guarantee to AI-enabled software systems. Limited scalability is one of the main obstacles to the verification problem. In this paper, we propose eager falsification to accelerate the robustness verification of DNNs. It divides the verification problem into a set of independent subproblems and solves them in descending order of their falsification probabilities. Once a subproblem is falsified, the verification terminates with a conclusion that the network is not robust. We introduce a notion of label affinity to measure the falsification probability and present an approach to computing the probability based on symbolic interval propagation. Our approach is orthogonal to existing verification techniques. We integrate it into four state-of-the-art verification tools, i.e., MIPVerify, Neurify, DeepZ, and DeepPoly, and conduct extensive experiments on 8 benchmark datasets. The experimental results show that our approach can significantly improve these tools by up to 200x speedup when the perturbation distance is in a reasonable range.

KW - Adversarial example

KW - Deep neural network

KW - Robustness verification

KW - Scalability

UR - https://www.scopus.com/pages/publications/85126390958

U2 - 10.1109/ISSRE52982.2021.00044

DO - 10.1109/ISSRE52982.2021.00044

M3 - 会议稿件

AN - SCOPUS:85126390958

T3 - Proceedings - International Symposium on Software Reliability Engineering, ISSRE

SP - 345

EP - 356

BT - Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021

A2 - Jin, Zhi

A2 - Li, Xuandong

A2 - Xiang, Jianwen

A2 - Mariani, Leonardo

A2 - Liu, Ting

A2 - Yu, Xiao

A2 - Ivaki, Nahgmeh

PB - IEEE Computer Society

T2 - 32nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2021

Y2 - 25 October 2021 through 28 October 2021

ER -

Guo X, Wan W, Zhang Z, Zhang M, Song F, Wen X. Eager Falsification for Accelerating Robustness Verification of Deep Neural Networks. In Jin Z, Li X, Xiang J, Mariani L, Liu T, Yu X, Ivaki N, editors, Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021. IEEE Computer Society. 2021. p. 345-356. (Proceedings - International Symposium on Software Reliability Engineering, ISSRE). doi: 10.1109/ISSRE52982.2021.00044

Eager Falsification for Accelerating Robustness Verification of Deep Neural Networks

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this