Despite the functional success of deep neural networks (DNNs), their trustworthiness remains a crucial open challenge. To address this challenge, both testing and verification techniques have been proposed. But these existing techniques provide either scalability to large networks or formal guarantees, not both. In this paper, we propose a scalable quantitative verification framework for deep neural networks, i.e., a test-driven approach that comes with formal guarantees that a desired probabilistic property is satisfied. Our technique performs enough tests until soundness of a formal probabilistic property can be proven. It can be used to certify properties of both deterministic and randomized DNNs. We implement our approach in a tool called PROVERO and apply it in the context of certifying adversarial robustness of DNNs. In this context, we first show a new attack-agnostic measure of robustness which offers an alternative to purely attack-based methodology of evaluating robustness being reported today. Second, PROVERO provides certificates of robustness for large DNNs, where existing state-of-the-art verification tools fail to produce conclusive results. Our work paves the way forward for verifying properties of distributions captured by real-world deep neural networks, with provable guarantees, even where testers only have black-box access to the neural network.
翻译:尽管深层神经网络(DNNs)在运作上取得了成功,但其可靠性仍然是一个关键的公开挑战。为了应对这一挑战,已经提出了测试和核查技术。但是,这些现有技术为大型网络提供了可扩缩性,或提供了正式保障,而不是两者。在本文件中,我们为深层神经网络提出了一个可扩缩的量化核查框架,即测试驱动方法,并附有确保满足理想的概率特性的正式保证。我们的技术运行得足够,直到能够证明正式的概率属性是否可靠为止。它可以用来验证确定性和随机化的DNS的特性。我们用名为PROVERO的工具实施我们的方法,并在证明DNNS的对抗性强性的背景下加以应用。在这方面,我们首先展示了一种新的攻击性――不可忽视性强度衡量标准,为今天报告的纯粹以攻击性为基础的评估稳健性方法提供了一种替代方法。第二,PROVERO为大型DNS提供了可靠的证明。在其中现有的状态核查工具无法产生最终结果。我们的工作只能通过深层次的网络进行真实性的传播。
相关内容
微信扫码咨询专知VIP会员