DEM: A Method for Certifying Deep Neural Network Classifier Outputs in Aerospace

Air transportation, a critical component of modern life, faces significant challenges concerning efficiency, environ-mental sustainability, and safety. Addressing these challenges necessitates innovative solutions, such as using deep neural networks (DNNs). However, although DNNs demonstrate remark-able performance, they remain susceptible to tiny perturbations in their inputs, which may result in misclassification. The vulnerability, known as adversarial inputs, may trigger a chain of events that could result in significant, or even catastrophic, failures. In this regard, adversarial inputs constitute a crucial obstacle to the integration of DNNs into safety-critical aerospace systems. In the present work, we introduce a novel, output-centric method for certifying DNNs that addresses this challenge. This method utilizes statistical techniques to flag out specific inputs for which the DNN's output might be unreliable so that a human expert may examine them. In contrast to existing techniques, which typically attempt to certify the entire DNN, the proposed method certifies specific outputs. Moreover, the proposed method uses the DNN as a black box and makes no assumptions about its topology. We developed a proof-of-concept tool called DEM to demon-strate the feasibility of the proposed method. For evaluation, we tested the proposed method on a VGG-16 model, trained on the CIFAR16 dataset, showing that the proposed method achieved a high percentage of success in detecting adversarial inputs. We believe this work constitutes another step towards integrating deep neural networks in safety-critical applications - especially in the aerospace domain, where high standards of quality and reliability are crucial.