Home > Research > Publications & Outputs > Global Robustness Evaluation of Deep Neural Net...

Electronic data

Links

Text available via DOI:

View graph of relations

Global Robustness Evaluation of Deep Neural Networks with Provable Guarantees for the Hamming Distance

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paper

Published

Standard

Global Robustness Evaluation of Deep Neural Networks with Provable Guarantees for the Hamming Distance. / Ruan, Wenjie; Wu, Min; Sun, Youcheng; Huang, Xiaowei; Kroening, Daniel; Kwiatkowska, Marta.

Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI 2019), August 10-16, 2019, Macau, China. IJCAI, 2019. p. 5944-5952.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paper

Harvard

Ruan, W, Wu, M, Sun, Y, Huang, X, Kroening, D & Kwiatkowska, M 2019, Global Robustness Evaluation of Deep Neural Networks with Provable Guarantees for the Hamming Distance. in Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI 2019), August 10-16, 2019, Macau, China. IJCAI, pp. 5944-5952. https://doi.org/10.24963/ijcai.2019/824

APA

Ruan, W., Wu, M., Sun, Y., Huang, X., Kroening, D., & Kwiatkowska, M. (2019). Global Robustness Evaluation of Deep Neural Networks with Provable Guarantees for the Hamming Distance. In Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI 2019), August 10-16, 2019, Macau, China (pp. 5944-5952). IJCAI. https://doi.org/10.24963/ijcai.2019/824

Vancouver

Ruan W, Wu M, Sun Y, Huang X, Kroening D, Kwiatkowska M. Global Robustness Evaluation of Deep Neural Networks with Provable Guarantees for the Hamming Distance. In Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI 2019), August 10-16, 2019, Macau, China. IJCAI. 2019. p. 5944-5952 https://doi.org/10.24963/ijcai.2019/824

Author

Ruan, Wenjie ; Wu, Min ; Sun, Youcheng ; Huang, Xiaowei ; Kroening, Daniel ; Kwiatkowska, Marta. / Global Robustness Evaluation of Deep Neural Networks with Provable Guarantees for the Hamming Distance. Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI 2019), August 10-16, 2019, Macau, China. IJCAI, 2019. pp. 5944-5952

Bibtex

@inproceedings{b0cad36298e642c7ae76e93f23c5e8df,
title = "Global Robustness Evaluation of Deep Neural Networks with Provable Guarantees for the Hamming Distance",
abstract = "Deployment of deep neural networks (DNNs) in safety-critical systems requires provable guarantees for their correct behaviours. We compute the maximal radius of a safe norm ball around a given input, within which there are no adversarial examples for a trained DNN. We define global robustness as an expectation of the maximal safe radius over a test dataset, and develop an algorithm to approximate the global robustness measure by iteratively computing its lower and upper bounds. Our algorithm is the first efficient method for the Hamming (L0) distance, and we hypothesise that this norm is a good proxy for a certain class of physical attacks. The algorithm is anytime, ie, it returns intermediate bounds and robustness estimates that are gradually, but strictly, improved as the computation proceeds; tensor-based, ie, the computation is conducted over a set of inputs simultaneously to enable efficient GPU computation; and has provable guarantees, ie, both the bounds and the robustness estimates can converge to their optimal values. Finally, we demonstrate the utility of our approach by applying the algorithm to a set of challenging problems.",
author = "Wenjie Ruan and Min Wu and Youcheng Sun and Xiaowei Huang and Daniel Kroening and Marta Kwiatkowska",
year = "2019",
month = jul
day = "31",
doi = "10.24963/ijcai.2019/824",
language = "English",
pages = "5944--5952",
booktitle = "Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI 2019), August 10-16, 2019, Macau, China",
publisher = "IJCAI",

}

RIS

TY - GEN

T1 - Global Robustness Evaluation of Deep Neural Networks with Provable Guarantees for the Hamming Distance

AU - Ruan, Wenjie

AU - Wu, Min

AU - Sun, Youcheng

AU - Huang, Xiaowei

AU - Kroening, Daniel

AU - Kwiatkowska, Marta

PY - 2019/7/31

Y1 - 2019/7/31

N2 - Deployment of deep neural networks (DNNs) in safety-critical systems requires provable guarantees for their correct behaviours. We compute the maximal radius of a safe norm ball around a given input, within which there are no adversarial examples for a trained DNN. We define global robustness as an expectation of the maximal safe radius over a test dataset, and develop an algorithm to approximate the global robustness measure by iteratively computing its lower and upper bounds. Our algorithm is the first efficient method for the Hamming (L0) distance, and we hypothesise that this norm is a good proxy for a certain class of physical attacks. The algorithm is anytime, ie, it returns intermediate bounds and robustness estimates that are gradually, but strictly, improved as the computation proceeds; tensor-based, ie, the computation is conducted over a set of inputs simultaneously to enable efficient GPU computation; and has provable guarantees, ie, both the bounds and the robustness estimates can converge to their optimal values. Finally, we demonstrate the utility of our approach by applying the algorithm to a set of challenging problems.

AB - Deployment of deep neural networks (DNNs) in safety-critical systems requires provable guarantees for their correct behaviours. We compute the maximal radius of a safe norm ball around a given input, within which there are no adversarial examples for a trained DNN. We define global robustness as an expectation of the maximal safe radius over a test dataset, and develop an algorithm to approximate the global robustness measure by iteratively computing its lower and upper bounds. Our algorithm is the first efficient method for the Hamming (L0) distance, and we hypothesise that this norm is a good proxy for a certain class of physical attacks. The algorithm is anytime, ie, it returns intermediate bounds and robustness estimates that are gradually, but strictly, improved as the computation proceeds; tensor-based, ie, the computation is conducted over a set of inputs simultaneously to enable efficient GPU computation; and has provable guarantees, ie, both the bounds and the robustness estimates can converge to their optimal values. Finally, we demonstrate the utility of our approach by applying the algorithm to a set of challenging problems.

U2 - 10.24963/ijcai.2019/824

DO - 10.24963/ijcai.2019/824

M3 - Conference contribution/Paper

SP - 5944

EP - 5952

BT - Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI 2019), August 10-16, 2019, Macau, China

PB - IJCAI

ER -