Neural networks, secure by construction: an exploration of refinement types
Neural networks, secure by construction: an exploration of refinement types
We present StarChild and Lazuli, two libraries which leverage refinement types to verify neural networks, implemented in F∗ and Liquid Haskell. Refinement types are types augmented, or refined, with assertions about values of that type,“integers greater than five”, which are checked by an SMT solver. Crucially, these assertions are written in the language itself. A user of our library can refine the type of neural networks,“neural networks which are robust against adversarial attacks”, and expect F∗ to handle the verification of this claim for any specific network, without having to change the representation of the network, or even having to learn about SMT solvers. Our initial experiments indicate that our approach could greatly reduce the burden of verifying neural networks. Unfortunately, they also show that SMT solvers do not scale to the sizes required for neural network verification.
Neural networks, Refinement types, Verification
67-85
Kokke, Wen
94b622bd-ee25-4f29-87db-9bb0344d95a7
Komendantskaya, Ekaterina
f12d9c23-5589-40b8-bcf9-a04fe9dedf61
Kienitz, Daniel
3023b299-5ac1-47ee-9869-84f7aef7175d
Atkey, Robert
ce1c4893-d028-4be1-9888-b268e8fa18d8
Aspinall, David
745441ea-f29f-4218-aa03-ab300cf8a9ce
2020
Kokke, Wen
94b622bd-ee25-4f29-87db-9bb0344d95a7
Komendantskaya, Ekaterina
f12d9c23-5589-40b8-bcf9-a04fe9dedf61
Kienitz, Daniel
3023b299-5ac1-47ee-9869-84f7aef7175d
Atkey, Robert
ce1c4893-d028-4be1-9888-b268e8fa18d8
Aspinall, David
745441ea-f29f-4218-aa03-ab300cf8a9ce
Kokke, Wen, Komendantskaya, Ekaterina, Kienitz, Daniel, Atkey, Robert and Aspinall, David
(2020)
Neural networks, secure by construction: an exploration of refinement types.
Oliveira, Bruno C.
(ed.)
In Programming Languages and Systems - 18th Asian Symposium, APLAS 2020, Proceedings.
vol. 12470 LNCS,
Springer Cham.
.
(doi:10.1007/978-3-030-64437-6_4).
Record type:
Conference or Workshop Item
(Paper)
Abstract
We present StarChild and Lazuli, two libraries which leverage refinement types to verify neural networks, implemented in F∗ and Liquid Haskell. Refinement types are types augmented, or refined, with assertions about values of that type,“integers greater than five”, which are checked by an SMT solver. Crucially, these assertions are written in the language itself. A user of our library can refine the type of neural networks,“neural networks which are robust against adversarial attacks”, and expect F∗ to handle the verification of this claim for any specific network, without having to change the representation of the network, or even having to learn about SMT solvers. Our initial experiments indicate that our approach could greatly reduce the burden of verifying neural networks. Unfortunately, they also show that SMT solvers do not scale to the sizes required for neural network verification.
This record has no associated files available for download.
More information
Published date: 2020
Additional Information:
Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
Venue - Dates:
18th Asian Symposium on Programming Languages and Systems, APLAS 2020, , Fukuoka, Japan, 2020-11-30 - 2020-12-02
Keywords:
Neural networks, Refinement types, Verification
Identifiers
Local EPrints ID: 482780
URI: http://eprints.soton.ac.uk/id/eprint/482780
ISSN: 0302-9743
PURE UUID: 018439a6-fe1d-43cf-8d86-df96502eb7af
Catalogue record
Date deposited: 12 Oct 2023 16:43
Last modified: 17 Mar 2024 05:09
Export record
Altmetrics
Contributors
Author:
Wen Kokke
Author:
Ekaterina Komendantskaya
Author:
Daniel Kienitz
Author:
Robert Atkey
Author:
David Aspinall
Editor:
Bruno C. Oliveira
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics