TY - GEN
T1 - Verification-Aided Deep Ensemble Selection
AU - Amir, Guy
AU - Zelazny, Tom
AU - Katz, Guy
AU - Schapira, Michael
N1 - Publisher Copyright: © 2022 FMCAD Association and authors.
PY - 2022
Y1 - 2022
N2 - Deep neural networks (DNNs) have become the technology of choice for realizing a variety of complex tasks. However, as highlighted by many recent studies, even an imperceptible perturbation to a correctly classified input can lead to misclassification by a DNN. This renders DNNs vulnerable to strategic input manipulations by attackers, and also over-sensitive to environmental noise. To mitigate this phenomenon, practitioners apply joint classification by an ensemble of DNNs. By aggregating the classification outputs of different individual DNNs for the same input, ensemble-based classification reduces the risk of misclassifications due to the specific realization of the stochastic training process of any single DNN. However, the effectiveness of a DNN ensemble is highly dependent on its members not simultaneously erring on many different inputs. In this case study, we harness recent advances in DNN verification to devise a methodology for identifying ensemble compositions that are less prone to simultaneous errors, even when the input is adversarially perturbed - resulting in more robustly-accurate ensemble-based classification. Our proposed framework uses a DNN verifier as a backend, and includes heuristics that help reduce the high complexity of directly verifying ensembles. More broadly, our work puts forth a novel universal objective for formal verification that can potentially improve the robustness of real-world, deep-learning-based systems across a variety of application domains.
AB - Deep neural networks (DNNs) have become the technology of choice for realizing a variety of complex tasks. However, as highlighted by many recent studies, even an imperceptible perturbation to a correctly classified input can lead to misclassification by a DNN. This renders DNNs vulnerable to strategic input manipulations by attackers, and also over-sensitive to environmental noise. To mitigate this phenomenon, practitioners apply joint classification by an ensemble of DNNs. By aggregating the classification outputs of different individual DNNs for the same input, ensemble-based classification reduces the risk of misclassifications due to the specific realization of the stochastic training process of any single DNN. However, the effectiveness of a DNN ensemble is highly dependent on its members not simultaneously erring on many different inputs. In this case study, we harness recent advances in DNN verification to devise a methodology for identifying ensemble compositions that are less prone to simultaneous errors, even when the input is adversarially perturbed - resulting in more robustly-accurate ensemble-based classification. Our proposed framework uses a DNN verifier as a backend, and includes heuristics that help reduce the high complexity of directly verifying ensembles. More broadly, our work puts forth a novel universal objective for formal verification that can potentially improve the robustness of real-world, deep-learning-based systems across a variety of application domains.
UR - http://www.scopus.com/inward/record.url?scp=85136141513&partnerID=8YFLogxK
U2 - 10.34727/2022/isbn.978-3-85448-053-2-8
DO - 10.34727/2022/isbn.978-3-85448-053-2-8
M3 - منشور من مؤتمر
T3 - Proceedings of the 22nd Conference on Formal Methods in Computer-Aided Design, FMCAD 2022
SP - 27
EP - 37
BT - Proceedings of the 22nd Conference on Formal Methods in Computer-Aided Design, FMCAD 2022
A2 - Griggio, Alberto
A2 - Rungta, Neha
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 22nd International Conference on Formal Methods in Computer-Aided Design, FMCAD 2022
Y2 - 17 October 2022 through 21 October 2022
ER -