25,203 research outputs found
SpecAttack: Specification-Based Adversarial Training for Deep Neural Networks
Safety specification-based adversarial training aims to generate examples
violating a formal safety specification and therefore provides approaches for
repair. The need for maintaining high prediction accuracy while ensuring the
save behavior remains challenging. Thus we present SpecAttack, a
query-efficient counter-example generation and repair method for deep neural
networks. Using SpecAttack allows specifying safety constraints on the model to
find inputs that violate these constraints. These violations are then used to
repair the neural network via re-training such that it becomes provably safe.
We evaluate SpecAttack's performance on the task of counter-example generation
and repair. Our experimental evaluation demonstrates that SpecAttack is in most
cases more query-efficient than comparable attacks, yields counter-examples of
higher quality, with its repair technique being more efficient, maintaining
higher functional correctness, and provably guaranteeing safety specification
compliance
Compositional Falsification of Cyber-Physical Systems with Machine Learning Components
Cyber-physical systems (CPS), such as automotive systems, are starting to
include sophisticated machine learning (ML) components. Their correctness,
therefore, depends on properties of the inner ML modules. While learning
algorithms aim to generalize from examples, they are only as good as the
examples provided, and recent efforts have shown that they can produce
inconsistent output under small adversarial perturbations. This raises the
question: can the output from learning components can lead to a failure of the
entire CPS? In this work, we address this question by formulating it as a
problem of falsifying signal temporal logic (STL) specifications for CPS with
ML components. We propose a compositional falsification framework where a
temporal logic falsifier and a machine learning analyzer cooperate with the aim
of finding falsifying executions of the considered model. The efficacy of the
proposed technique is shown on an automatic emergency braking system model with
a perception component based on deep neural networks
Neural Networks for Safety-Critical Applications - Challenges, Experiments and Perspectives
We propose a methodology for designing dependable Artificial Neural Networks
(ANN) by extending the concepts of understandability, correctness, and validity
that are crucial ingredients in existing certification standards. We apply the
concept in a concrete case study in designing a high-way ANN-based motion
predictor to guarantee safety properties such as impossibility for the ego
vehicle to suggest moving to the right lane if there exists another vehicle on
its right.Comment: Summary for activities conducted in the fortiss
Eigenforschungsprojekt "TdpSW - Towards dependable and predictable SW for
ML-based autonomous systems". All ANN-based motion predictors being formally
analyzed are available in the source fil
A Formalization of Robustness for Deep Neural Networks
Deep neural networks have been shown to lack robustness to small input
perturbations. The process of generating the perturbations that expose the lack
of robustness of neural networks is known as adversarial input generation. This
process depends on the goals and capabilities of the adversary, In this paper,
we propose a unifying formalization of the adversarial input generation process
from a formal methods perspective. We provide a definition of robustness that
is general enough to capture different formulations. The expressiveness of our
formalization is shown by modeling and comparing a variety of adversarial
attack techniques
- …