707 research outputs found
A Formalization of Robustness for Deep Neural Networks
Deep neural networks have been shown to lack robustness to small input
perturbations. The process of generating the perturbations that expose the lack
of robustness of neural networks is known as adversarial input generation. This
process depends on the goals and capabilities of the adversary, In this paper,
we propose a unifying formalization of the adversarial input generation process
from a formal methods perspective. We provide a definition of robustness that
is general enough to capture different formulations. The expressiveness of our
formalization is shown by modeling and comparing a variety of adversarial
attack techniques
A LiDAR Point Cloud Generator: from a Virtual World to Autonomous Driving
3D LiDAR scanners are playing an increasingly important role in autonomous
driving as they can generate depth information of the environment. However,
creating large 3D LiDAR point cloud datasets with point-level labels requires a
significant amount of manual annotation. This jeopardizes the efficient
development of supervised deep learning algorithms which are often data-hungry.
We present a framework to rapidly create point clouds with accurate point-level
labels from a computer game. The framework supports data collection from both
auto-driving scenes and user-configured scenes. Point clouds from auto-driving
scenes can be used as training data for deep learning algorithms, while point
clouds from user-configured scenes can be used to systematically test the
vulnerability of a neural network, and use the falsifying examples to make the
neural network more robust through retraining. In addition, the scene images
can be captured simultaneously in order for sensor fusion tasks, with a method
proposed to do automatic calibration between the point clouds and captured
scene images. We show a significant improvement in accuracy (+9%) in point
cloud segmentation by augmenting the training dataset with the generated
synthesized data. Our experiments also show by testing and retraining the
network using point clouds from user-configured scenes, the weakness/blind
spots of the neural network can be fixed
A Metric for Linear Temporal Logic
We propose a measure and a metric on the sets of infinite traces generated by
a set of atomic propositions. To compute these quantities, we first map
properties to subsets of the real numbers and then take the Lebesgue measure of
the resulting sets. We analyze how this measure is computed for Linear Temporal
Logic (LTL) formulas. An implementation for computing the measure of bounded
LTL properties is provided and explained. This implementation leverages SAT
model counting and effects independence checks on subexpressions to compute the
measure and metric compositionally
Counterexample-Guided Data Augmentation
We present a novel framework for augmenting data sets for machine learning
based on counterexamples. Counterexamples are misclassified examples that have
important properties for retraining and improving the model. Key components of
our framework include a counterexample generator, which produces data items
that are misclassified by the model and error tables, a novel data structure
that stores information pertaining to misclassifications. Error tables can be
used to explain the model's vulnerabilities and are used to efficiently
generate counterexamples for augmentation. We show the efficacy of the proposed
framework by comparing it to classical augmentation techniques on a case study
of object detection in autonomous driving based on deep neural networks
A Satisfiability Modulo Theory Approach to Secure State Reconstruction in Differentially Flat Systems Under Sensor Attacks
We address the problem of estimating the state of a differentially flat
system from measurements that may be corrupted by an adversarial attack. In
cyber-physical systems, malicious attacks can directly compromise the system's
sensors or manipulate the communication between sensors and controllers. We
consider attacks that only corrupt a subset of sensor measurements. We show
that the possibility of reconstructing the state under such attacks is
characterized by a suitable generalization of the notion of s-sparse
observability, previously introduced by some of the authors in the linear case.
We also extend our previous work on the use of Satisfiability Modulo Theory
solvers to estimate the state under sensor attacks to the context of
differentially flat systems. The effectiveness of our approach is illustrated
on the problem of controlling a quadrotor under sensor attacks.Comment: arXiv admin note: text overlap with arXiv:1412.432
Model Predictive Control for Signal Temporal Logic Specification
We present a mathematical programming-based method for model predictive
control of cyber-physical systems subject to signal temporal logic (STL)
specifications. We describe the use of STL to specify a wide range of
properties of these systems, including safety, response and bounded liveness.
For synthesis, we encode STL specifications as mixed integer-linear constraints
on the system variables in the optimization problem at each step of a receding
horizon control framework. We prove correctness of our algorithms, and present
experimental results for controller synthesis for building energy and climate
control
- …