TY - GEN
T1 - Robustness Verification of Multi-label Neural Network Classifiers
AU - Mour, Julian
AU - Drachsler-Cohen, Dana
N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.
PY - 2025
Y1 - 2025
N2 - Multi-label neural networks are important in various tasks, including safety-critical tasks. Several works show that these networks are susceptible to adversarial attacks, which can remove a target label from the predicted label list or add a target label to this list. To date, no deterministic verifier determines the list of labels for which a multi-label neural network is locally robust. The main challenge is that the complexity of the analysis increases by a factor exponential in the multiplication of the number of labels and the number of predicted labels. We propose MuLLoC, a sound and complete robustness verifier for multi-label image classifiers that determines the robust labels in a given neighborhood of inputs. To scale the analysis, MuLLoC relies on fast optimistic queries to the network or to a constraint solver. Its queries include sampling and pair-wise relation analysis via numerical optimization and mixed-integer linear programming (MILP). For the remaining unclassified labels, MuLLoC performs an exact analysis by a novel mixed-integer programming (MIP) encoding for multi-label classifiers. We evaluate MuLLoC on convolutional networks for three multi-label image datasets. Our results show that MuLLoC classifies all labels as robust or not within 23.22 min on average and that our fast optimistic queries classify 96.84% of the labels.
AB - Multi-label neural networks are important in various tasks, including safety-critical tasks. Several works show that these networks are susceptible to adversarial attacks, which can remove a target label from the predicted label list or add a target label to this list. To date, no deterministic verifier determines the list of labels for which a multi-label neural network is locally robust. The main challenge is that the complexity of the analysis increases by a factor exponential in the multiplication of the number of labels and the number of predicted labels. We propose MuLLoC, a sound and complete robustness verifier for multi-label image classifiers that determines the robust labels in a given neighborhood of inputs. To scale the analysis, MuLLoC relies on fast optimistic queries to the network or to a constraint solver. Its queries include sampling and pair-wise relation analysis via numerical optimization and mixed-integer linear programming (MILP). For the remaining unclassified labels, MuLLoC performs an exact analysis by a novel mixed-integer programming (MIP) encoding for multi-label classifiers. We evaluate MuLLoC on convolutional networks for three multi-label image datasets. Our results show that MuLLoC classifies all labels as robust or not within 23.22 min on average and that our fast optimistic queries classify 96.84% of the labels.
UR - http://www.scopus.com/inward/record.url?scp=85218149613&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-74776-2_13
DO - 10.1007/978-3-031-74776-2_13
M3 - منشور من مؤتمر
SN - 9783031747755
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 327
EP - 351
BT - Static Analysis - 31st International Symposium, SAS 2024, Proceedings
A2 - Giacobazzi, Roberto
A2 - Gorla, Alessandra
PB - Springer Science and Business Media Deutschland GmbH
T2 - 31st International Static Analysis Symposium, SAS 2024
Y2 - 20 October 2024 through 22 October 2024
ER -