Quantitative Verification of Neural Networks and Its Security Applications
| Autor: | Prateek Saxena, Kuldeep S. Meel, Shweta Shinde, Shiqi Shen, Teodora Baluta |
|---|---|
| Rok vydání: | 2019 |
| Předmět: |
FOS: Computer and information sciences
Soundness Computer Science - Machine Learning Computer Science - Logic in Computer Science Computer Science - Cryptography and Security Theoretical computer science Artificial neural network Computer Science - Artificial Intelligence Property (programming) Computer science Stochastic process Existential quantification Probabilistic logic 020207 software engineering 02 engineering and technology Machine Learning (cs.LG) Logic in Computer Science (cs.LO) Qualitative reasoning Artificial Intelligence (cs.AI) Robustness (computer science) 0202 electrical engineering electronic engineering information engineering 020201 artificial intelligence & image processing Cryptography and Security (cs.CR) |
| Zdroj: | CCS |
| DOI: | 10.1145/3319535.3354245 |
| Popis: | Neural networks are increasingly employed in safety-critical domains. This has prompted interest in verifying or certifying logically encoded properties of neural networks. Prior work has largely focused on checking existential properties, wherein the goal is to check whether there exists any input that violates a given property of interest. However, neural network training is a stochastic process, and many questions arising in their analysis require probabilistic and quantitative reasoning, i.e., estimating how many inputs satisfy a given property. To this end, our paper proposes a novel and principled framework to quantitative verification of logical properties specified over neural networks. Our framework is the first to provide PAC-style soundness guarantees, in that its quantitative estimates are within a controllable and bounded error from the true count. We instantiate our algorithmic framework by building a prototype tool called NPAQ that enables checking rich properties over binarized neural networks. We show how emerging security analyses can utilize our framework in 3 concrete point applications: quantifying robustness to adversarial inputs, efficacy of trojan attacks, and fairness/bias of given neural networks. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|