Increasing the Confidence of Deep Neural Networks by Coverage Analysis

TL;DR

This paper introduces a lightweight coverage-based monitoring system to improve deep neural networks' robustness against adversarial and out-of-distribution inputs, enhancing safety in critical applications.

Contribution

It proposes four novel coverage analysis methods integrated into a monitoring architecture to detect unsafe inputs more effectively.

Findings

Effective detection of adversarial examples

Detection of out-of-distribution inputs

Minimal additional computational resources

Abstract

The great performance of machine learning algorithms and deep neural networks in several perception and control tasks is pushing the industry to adopt such technologies in safety-critical applications, as autonomous robots and self-driving vehicles. At present, however, several issues need to be solved to make deep learning methods more trustworthy, predictable, safe, and secure against adversarial attacks. Although several methods have been proposed to improve the trustworthiness of deep neural networks, most of them are tailored for specific classes of adversarial examples, hence failing to detect other corner cases or unsafe inputs that heavily deviate from the training samples. This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model robustness against different unsafe inputs. In particular, four coverage analysis methods are proposed and tested in the architecture for evaluating multiple detection logics. Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs, introducing limited extra-execution time and memory requirements.