Adaptive Parameter Tuning for Reachability Analysis of Linear Systems

Despite the possibility to quickly compute reachable sets of large-scale linear systems, current methods are not yet widely applied by practitioners. The main reason for this is probably that current approaches are not push-button-capable and still require to manually set crucial parameters, such as time step sizes and the accuracy of the used set representation---these settings require expert knowledge. We present a generic framework to automatically find near-optimal parameters for reachability analysis of linear systems given a user-defined accuracy. To limit the computational overhead as much as possible, our methods tune all relevant parameters during runtime. We evaluate our approach on benchmarks from the ARCH competition as well as on random examples. Our results show that our new framework verifies the selected benchmarks faster than manually-tuned parameters and is an order of magnitude faster compared to genetic algorithms

ARCH-COMP19 Category Report: Continuous and hybrid systems with nonlinear dynamics

We present the results of a friendly competition for formal verification of continuous and hybrid systems with nonlinear continuous dynamics. The friendly competition took place as part of the workshop Applied Verification for Continuous and Hybrid Systems (ARCH) in 2019. In this year, 6 tools Ariadne, CORA, DynIbex, Flow*, Isabelle/HOL, and JuliaReach (in alphabetic order) participated. They are applied to solve reachability analysis problems on four benchmark problems, one of them with hybrid dynamics. We do not rank the tools based on the results, but show the current status and discover the potential advantages of different tools

POLAR: A Polynomial Arithmetic Framework for Verifying Neural-Network Controlled Systems

We propose POLAR, a \textbf{pol}ynomial \textbf{ar}ithmetic framework that leverages polynomial overapproximations with interval remainders for bounded-time reachability analysis of neural network-controlled systems (NNCSs). Compared with existing arithmetic approaches that use standard Taylor models, our framework uses a novel approach to iteratively overapproximate the neuron output ranges layer-by-layer with a combination of Bernstein polynomial interpolation for continuous activation functions and Taylor model arithmetic for the other operations. This approach can overcome the main drawback in the standard Taylor model arithmetic, i.e. its inability to handle functions that cannot be well approximated by Taylor polynomials, and significantly improve the accuracy and efficiency of reachable states computation for NNCSs. To further tighten the overapproximation, our method keeps the Taylor model remainders symbolic under the linear mappings when estimating the output range of a neural network. We show that POLAR can be seamlessly integrated with existing Taylor model flowpipe construction techniques, and demonstrate that POLAR significantly outperforms the current state-of-the-art techniques on a suite of benchmarks

PolyARBerNN: A Neural Network Guided Solver and Optimizer for Bounded Polynomial Inequalities

Constraints solvers play a significant role in the analysis, synthesis, and formal verification of complex embedded and cyber-physical systems. In this paper, we study the problem of designing a scalable constraints solver for an important class of constraints named polynomial constraint inequalities (also known as non-linear real arithmetic theory). In this paper, we introduce a solver named PolyARBerNN that uses convex polynomials as abstractions for highly nonlinear polynomials. Such abstractions were previously shown to be powerful to prune the search space and restrict the usage of sound and complete solvers to small search spaces. Compared with the previous efforts on using convex abstractions, PolyARBerNN provides three main contributions namely (i) a neural network guided abstraction refinement procedure that helps selecting the right abstraction out of a set of pre-defined abstractions, (ii) a Bernstein polynomial-based search space pruning mechanism that can be used to compute tight estimates of the polynomial maximum and minimum values which can be used as an additional abstraction of the polynomials, and (iii) an optimizer that transforms polynomial objective functions into polynomial constraints (on the gradient of the objective function) whose solutions are guaranteed to be close to the global optima. These enhancements together allowed the PolyARBerNN solver to solve complex instances and scales more favorably compared to the state-of-art non-linear real arithmetic solvers while maintaining the soundness and completeness of the resulting solver. In particular, our test benches show that PolyARBerNN achieved 100X speedup compared with Z3 8.9, Yices 2.6, and NASALib (a solver that uses Bernstein expansion to solve multivariate polynomial constraints) on a variety of standard test benches

Real-time Adaptive Detection and Recovery against Sensor Attacks in Cyber-physical Systems

Cyber-physical systems (CPSs) utilize computation to control physical objects in real-world environments, and an increasing number of CPS-based applications have been designed for life-critical purposes. Sensor attacks, which manipulate sensor readings to deceive CPSs into performing dangerous actions, can result in severe consequences. This urgent need has motivated significant research into reactive defense. In this dissertation, we present an adaptive detection method capable of identifying sensor attacks before the system reaches unsafe states. Once the attacks are detected, a recovery approach that we propose can guide the physical plant to a desired safe state before a safety deadline.Existing detection approaches tend to minimize detection delay and false alarms simultaneously, despite a clear trade-off between these two metrics. We argue that attack detection should dynamically balance these metrics according to the physical system\u27s current state. In line with this argument, we propose an adaptive sensor attack detection system comprising three components: an adaptive detector, a detection deadline estimator, and a data logger. This system can adapt the detection delay and thus false alarms in real-time to meet a varying detection deadline, thereby improving usability. We implement our detection system and validate it using multiple CPS simulators and a reduced-scale autonomous vehicle testbed. After identifying sensor attacks, it is essential to extend the benefits of attack detection. In this dissertation, we investigate how to eliminate the impact of these attacks and propose novel real-time recovery methods for securing CPSs. Initially, we target sensor attack recovery in linear CPSs. By employing formal methods, we are able to reconstruct state estimates and calculate a conservative safety deadline. With these constraints, we formulate the recovery problem as either a linear programming or a quadratic programming problem. By solving this problem, we obtain a recovery control sequence that can smoothly steer a physical system back to a target state set before a safe deadline and maintain the system state within the set once reached. Subsequently, to make recovery practical for complex CPSs, we adapt our recovery method for nonlinear systems and explore the use of uncorrupted sensors to alleviate uncertainty accumulation. Ultimately, we implement our approach and showcase its effectiveness and efficiency through an extensive set of experiments. For linear CPSs, we evaluate the approach using 5 CPS simulators and 3 types of sensor attacks. For nonlinear CPSs, we assess our method on 3 nonlinear benchmarks