Enhancing the efficacy of neural network robustness analysis
COM1 Level 2
SR10, COM1-02-10
Abstract:
As neural networks have taken on a critical role in real-world applications, formal verification is needed to guarantee the safety properties of neural networks. Nevertheless, it remains challenging to balance the trade-off between precision and efficiency, given networks with various scales and diverse verification requirements. Therefore, we propose a suite of methods that are suitable for different effectiveness and speed requirements during neural network verification. Firstly, we present a network block summarization technique to capture the behaviors within a network block using a block summary and leverage the summary to speed up the network verification process. Our method, specially tailored to handle very deep networks, leads to faster analysis and requires less computational resources with reasonable analysis precision. Secondly, we introduce an abstract refinement process that leverages the convex hull techniques to improve the analysis efficiency. Specifically, we introduce the double description method to detect and eliminate multiple spurious adversarial labels simultaneously. Our method yields high verification precision and identifies falsification by detecting adversarial examples with reasonable execution efficiency. Finally, we develop a network reduction process where we detect and remove stable neurons in the network while preserving the same network behavior. After this pre-processing, we obtain a reduced network on which the analysis executes faster than that of the original network. Experiments indicate that our method could speed up various verification methods and improve the availability of existing verification tools on many complex network architectures by reducing them into simplified networks. In summary, this thesis provides a suite of methods permitting users to conduct neural network verification under various scenarios.