Maximal Robust Neural Network Specifications via Oracle-guided Numerical OptimizationRecorded
Analyzing the robustness of neural networks is crucial for trusting them. The vast majority of existing works focus on networks’ robustness in ϵ-ball neighborhoods, but these cannot capture complex robustness specifications. We propose MaRVeL, a system for computing maximal non-uniform robust specifications that maximize a target norm. The main idea is to employ oracle-guided numerical optimization, thereby leveraging the efficiency of a numerical optimizer as well as the accuracy of a non-differentiable robustness verifier, acting as the oracle. The optimizer iteratively submits to the verifier candidate specifications, which in turn returns the closest inputs to the decision boundaries. The optimizer then computes their gradients to guide its search in the directions the specification can expand while remaining robust. We evaluate MaRVeL on several datasets and classifiers and show that its specifications are larger by 5.1x than prior works. On a two-dimensional dataset, we show that the average diameter of its specifications is 93% of the optimal average diameter, whereas the diameter of prior works’ specifications is only 26%.
Tue 17 JanDisplayed time zone: Eastern Time (US & Canada) change
11:00 - 12:30 | Neural networks and Abstract InterpretationVMCAI at Arlington Chair(s): Grigory Fedyukovich Florida State University | ||
11:00 15mTalk | Maximal Robust Neural Network Specifications via Oracle-guided Numerical OptimizationRecorded VMCAI | ||
11:15 15mTalk | SMT-Based Modeling and Verification of Spiking Neural Networks: A Case StudyRecorded VMCAI | ||
11:30 30mTalk | A generic framework to coarse-grain stochastic reaction networks by Abstract Interpretation VMCAI | ||
12:00 30mTalk | Sound Symbolic Execution via Abstract Interpretation and its Application to Security VMCAI Xavier Rival Inria; ENS; CNRS; PSL University, Ignacio Tiraboschi Inria, France / ENS, France, Tamara Rezk INRIA | ||