Harnessing Adversarial Distances to Discover High-Confidence Errors

TL;DR

This paper presents a novel black-box search method using adversarial perturbations to efficiently identify high-confidence errors in neural network classifiers, revealing more mistakes than expected based on confidence levels.

Contribution

It introduces a new adversarial distance-based search technique for discovering high-confidence errors in black-box models, improving error detection efficiency.

Findings

The method finds errors at rates higher than expected given confidence.

It is query-efficient and effective in black-box settings.

Empirical results demonstrate improved error discovery over baseline methods.

Abstract

Given a deep neural network image classification model that we treat as a black box, and an unlabeled evaluation dataset, we develop an efficient strategy by which the classifier can be evaluated. Randomly sampling and labeling instances from an unlabeled evaluation dataset allows traditional performance measures like accuracy, precision, and recall to be estimated. However, random sampling may miss rare errors for which the model is highly confident in its prediction, but wrong. These high-confidence errors can represent costly mistakes, and therefore should be explicitly searched for. Past works have developed search techniques to find classification errors above a specified confidence threshold, but ignore the fact that errors should be expected at confidence levels anywhere below 100\%. In this work, we investigate the problem of finding errors at rates greater than expected given model confidence. Additionally, we propose a query-efficient and novel search technique that is guided by adversarial perturbations to find these mistakes in black box models. Through rigorous empirical experimentation, we demonstrate that our Adversarial Distance search discovers high-confidence errors at a rate greater than expected given model confidence.