Formal Verification of CNN-based Perception Systems
Panagiotis Kouvaros, Alessio Lomuscio
TL;DR
This paper presents a novel method for verifying the local robustness of CNN-based perception systems against affine and photometric transformations, using reachability analysis and MILP encodings, demonstrated on MNIST.
Contribution
It introduces a new notion of local robustness for CNNs that captures transformations not addressed by prior robustness definitions.
Findings
The method effectively verifies CNN robustness against specific transformations.
Implementation on MNIST shows practical applicability of the approach.
The approach outperforms previous methods in capturing transformation-based robustness.
Abstract
We address the problem of verifying neural-based perception systems implemented by convolutional neural networks. We define a notion of local robustness based on affine and photometric transformations. We show the notion cannot be captured by previously employed notions of robustness. The method proposed is based on reachability analysis for feed-forward neural networks and relies on MILP encodings of both the CNNs and transformations under question. We present an implementation and discuss the experimental results obtained for a CNN trained from the MNIST data set.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Physical Unclonable Functions (PUFs) and Hardware Security · Advanced Neural Network Applications