TY - GEN
T1 - Maximal Robust Neural Network Specifications via Oracle-Guided Numerical Optimization
AU - Kabaha, Anan
AU - Drachsler-Cohen, Dana
N1 - Publisher Copyright: © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023
Y1 - 2023
N2 - Analyzing the robustness of neural networks is crucial for trusting them. The vast majority of existing works focus on networks’ robustness in -ball neighborhoods, but these cannot capture complex robustness specifications. We propose MaRVeL, a system for computing maximal non-uniform robust specifications that maximize a target norm. The main idea is to employ oracle-guided numerical optimization, thereby leveraging the efficiency of a numerical optimizer as well as the accuracy of a non-differentiable robustness verifier, acting as the oracle. The optimizer iteratively submits to the verifier candidate specifications, which in turn returns the closest inputs to the decision boundaries. The optimizer then computes their gradients to guide its search in the directions the specification can expand while remaining robust. We evaluate MaRVeL on several datasets and classifiers and show that its specifications are larger by 5.1x than prior works. On a two-dimensional dataset, we show that the average diameter of its specifications is 93% of the optimal average diameter, whereas the diameter of prior works’ specifications is only 26%.
AB - Analyzing the robustness of neural networks is crucial for trusting them. The vast majority of existing works focus on networks’ robustness in -ball neighborhoods, but these cannot capture complex robustness specifications. We propose MaRVeL, a system for computing maximal non-uniform robust specifications that maximize a target norm. The main idea is to employ oracle-guided numerical optimization, thereby leveraging the efficiency of a numerical optimizer as well as the accuracy of a non-differentiable robustness verifier, acting as the oracle. The optimizer iteratively submits to the verifier candidate specifications, which in turn returns the closest inputs to the decision boundaries. The optimizer then computes their gradients to guide its search in the directions the specification can expand while remaining robust. We evaluate MaRVeL on several datasets and classifiers and show that its specifications are larger by 5.1x than prior works. On a two-dimensional dataset, we show that the average diameter of its specifications is 93% of the optimal average diameter, whereas the diameter of prior works’ specifications is only 26%.
UR - http://www.scopus.com/inward/record.url?scp=85148686967&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-24950-1_10
DO - 10.1007/978-3-031-24950-1_10
M3 - منشور من مؤتمر
SN - 9783031249495
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 203
EP - 227
BT - Verification, Model Checking, and Abstract Interpretation - 24th International Conference, VMCAI 2023, Proceedings
A2 - Dragoi, Cezara
A2 - Emmi, Michael
A2 - Wang, Jingbo
PB - Springer Science and Business Media Deutschland GmbH
T2 - 24th International Conference on Verification, Model Checking, and Abstract Interpretation, VMCAI 2023
Y2 - 16 January 2023 through 17 January 2023
ER -