In recent years, AI systems, in particular neural networks, have seen a tremendous increase in performance and are now used in a broad range of applications. Unlike classical symbolic AI systems, neural networks are trained on large data sets, and their inner structure, which may contain billions of parameters, does not lend itself to human interpretation. As a consequence, it is not yet feasible to provide broad guarantees for the correct behaviour of neural networks during operation when they process input data that differ significantly from those seen during training. However, many applications of AI systems are security- or safety-critical and hence require statements on the robustness of the systems when facing unexpected events, whether these occur naturally or are induced by an attacker in a targeted way. As a step towards developing robust AI systems for such applications, this paper presents how the robustness of AI systems can be examined in practice and which methods and metrics can be used for this purpose. The robustness testing methodology is described and analysed for the example use case of traffic sign recognition in autonomous driving.