Global Robustness Verification Networks

TL;DR

This paper introduces a comprehensive framework for globally verifying the robustness of neural networks against adversarial examples, combining a novel architecture, reasoning method, and verification approach.

Contribution

It proposes a new network architecture, SDN, and a rule-based back-propagation method for global robustness verification, addressing limitations of existing techniques.

Findings

Effective verification on synthetic datasets

Demonstrated robustness analysis on real datasets

Introduced a novel region-based verification approach

Abstract

The wide deployment of deep neural networks, though achieving great success in many domains, has severe safety and reliability concerns. Existing adversarial attack generation and automatic verification techniques cannot formally verify whether a network is globally robust, i.e., the absence or not of adversarial examples in the input space. To address this problem, we develop a global robustness verification framework with three components: 1) a novel rule-based ``back-propagation'' finding which input region is responsible for the class assignment by logic reasoning; 2) a new network architecture Sliding Door Network (SDN) enabling feasible rule-based ``back-propagation''; 3) a region-based global robustness verification (RGRV) approach. Moreover, we demonstrate the effectiveness of our approach on both synthetic and real datasets.