The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

Neural network robustness as a verification property: a principled case study

Neural network robustness as a verification property: a principled case study
Neural network robustness as a verification property: a principled case study

Neural networks are very successful at detecting patterns in noisy data, and have become the technology of choice in many fields. However, their usefulness is hampered by their susceptibility to adversarial attacks. Recently, many methods for measuring and improving a network’s robustness to adversarial perturbations have been proposed, and this growing body of research has given rise to numerous explicit or implicit notions of robustness. Connections between these notions are often subtle, and a systematic comparison between them is missing in the literature. In this paper we begin addressing this gap, by setting up general principles for the empirical analysis and evaluation of a network’s robustness as a mathematical property—during the network’s training phase, its verification, and after its deployment. We then apply these principles and conduct a case study that showcases the practical benefits of our general approach.

Adversarial Training, Neural Networks, Robustness, Verification
0302-9743
219-231
Springer Cham
Casadio, Marco
f32f79ab-7e18-4ed0-bc17-8988a2b7786c
Komendantskaya, Ekaterina
f12d9c23-5589-40b8-bcf9-a04fe9dedf61
Daggitt, Matthew L.
7788a0b1-f07e-4b37-b34a-77b7d6ad4005
Kokke, Wen
94b622bd-ee25-4f29-87db-9bb0344d95a7
Katz, Guy
0d2bbdb4-3a24-482d-822d-bf8336f92500
Amir, Guy
9ceb2771-6842-4f15-965f-68be5ddaa7d6
Refaeli, Idan
e7956c91-d6cc-4bff-a225-4529ad60a54b
Shoham, Sharon
Vizel, Yakir
Casadio, Marco
f32f79ab-7e18-4ed0-bc17-8988a2b7786c
Komendantskaya, Ekaterina
f12d9c23-5589-40b8-bcf9-a04fe9dedf61
Daggitt, Matthew L.
7788a0b1-f07e-4b37-b34a-77b7d6ad4005
Kokke, Wen
94b622bd-ee25-4f29-87db-9bb0344d95a7
Katz, Guy
0d2bbdb4-3a24-482d-822d-bf8336f92500
Amir, Guy
9ceb2771-6842-4f15-965f-68be5ddaa7d6
Refaeli, Idan
e7956c91-d6cc-4bff-a225-4529ad60a54b
Shoham, Sharon
Vizel, Yakir

Casadio, Marco, Komendantskaya, Ekaterina, Daggitt, Matthew L., Kokke, Wen, Katz, Guy, Amir, Guy and Refaeli, Idan (2022) Neural network robustness as a verification property: a principled case study. Shoham, Sharon and Vizel, Yakir (eds.) In Computer Aided Verification - 34th International Conference, CAV 2022, Proceedings. vol. 13371 LNCS, Springer Cham. pp. 219-231 . (doi:10.1007/978-3-031-13185-1_11).

Record type: Conference or Workshop Item (Paper)

Abstract

Neural networks are very successful at detecting patterns in noisy data, and have become the technology of choice in many fields. However, their usefulness is hampered by their susceptibility to adversarial attacks. Recently, many methods for measuring and improving a network’s robustness to adversarial perturbations have been proposed, and this growing body of research has given rise to numerous explicit or implicit notions of robustness. Connections between these notions are often subtle, and a systematic comparison between them is missing in the literature. In this paper we begin addressing this gap, by setting up general principles for the empirical analysis and evaluation of a network’s robustness as a mathematical property—during the network’s training phase, its verification, and after its deployment. We then apply these principles and conduct a case study that showcases the practical benefits of our general approach.

This record has no associated files available for download.

More information

Published date: 2022
Additional Information: Funding Information: Acknowledgement. Authors acknowledge support of EPSRC grant AISEC EP/T026952/1 and NCSC grant Neural Network Verification: in search of the missing spec. Publisher Copyright: © 2022, The Author(s).
Venue - Dates: 34th International Conference on Computer Aided Verification, CAV 2022, , Haifa, Israel, 2022-08-07 - 2022-08-10
Keywords: Adversarial Training, Neural Networks, Robustness, Verification
Learn more about Cyber Physical Systems research

Identifiers

Local EPrints ID: 482776
URI: http://eprints.soton.ac.uk/id/eprint/482776
DOI: doi:10.1007/978-3-031-13185-1_11
ISSN: 0302-9743
PURE UUID: 3eadbd24-9590-48f4-b2d6-4477010b3b3a

Catalogue record

Date deposited: 12 Oct 2023 16:43
Last modified: 05 Jun 2024 19:24

Export record

Altmetrics

Contributors

Author: Marco Casadio
Author: Ekaterina Komendantskaya
Author: Matthew L. Daggitt
Author: Wen Kokke
Author: Guy Katz
Author: Guy Amir
Author: Idan Refaeli
Editor: Sharon Shoham
Editor: Yakir Vizel

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×