Speeding up neural network robustness verification via algorithm configuration and an optimised mixed integer linear programming solver portfolio

Despite their great success in recent years, neural networks have been found to be vulnerable to adversarial attacks. These attacks are often based on slight perturbations of given inputs that cause them to be misclassified. Several methods have been proposed to formally prove robustness of a given...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Machine learning Ročník 111; číslo 12; s. 4565 - 4584
Hlavní autoři: König, Matthias, Hoos, Holger H., Rijn, Jan N. van
Médium: Journal Article
Jazyk:angličtina
Vydáno: New York Springer US 01.12.2022
Springer Nature B.V
Témata:
Algorithms
Artificial Intelligence
Automation
Computer Science
Configurations
Control
Engines
Integer programming
Linear programming
Machine Learning
Mechatronics
Mixed integer
Natural Language Processing (NLP)
Neural networks
Perturbation
Robotics
Robustness
Simulation and Modeling
Solvers
Special Issue of the ECML PKDD 2022 Journal Track
Verification
Algorithm selection
Mixed integer programming
Neural network verification
Automated algorithm configuration
ISSN:0885-6125, 1573-0565
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Despite their great success in recent years, neural networks have been found to be vulnerable to adversarial attacks. These attacks are often based on slight perturbations of given inputs that cause them to be misclassified. Several methods have been proposed to formally prove robustness of a given network against such attacks. However, these methods typically give rise to high computational demands, which severely limit their scalability. Recent state-of-the-art approaches state the verification task as a minimisation problem, which is formulated and solved as a mixed-integer linear programming (MIP) problem. We extend this approach by leveraging automated algorithm configuration techniques and, more specifically, construct a portfolio of MIP solver configurations optimised for the neural network verification task. We test this approach on two recent, state-of-the-art MIP-based verification engines, MIPVerify and Venus , and achieve substantial improvements in CPU time by average factors of up to 4.7 and 10.3, respectively.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0885-6125
1573-0565
DOI:10.1007/s10994-022-06212-w