Evaluating the Robustness of Deep-Learning Algorithm-Selection Models by Evolving Adversarial Instances
Emma Hart, Quentin Renau, Kevin Sim, Mohamad Alissa

TL;DR
This paper investigates the vulnerability of deep recurrent networks used for algorithm selection in bin-packing to adversarial instances, using evolutionary algorithms to generate misclassified samples and analyze their properties.
Contribution
It introduces an evolutionary approach to generate adversarial instances for DRNs in bin-packing, revealing their fragility and providing data to improve robustness.
Findings
Adversarial samples can be generated for up to 56% of instances.
Fragility is linked to certain training instances being easily perturbed.
Generated instances vary widely in classification confidence.
Abstract
Deep neural networks (DNN) are increasingly being used to perform algorithm-selection in combinatorial optimisation domains, particularly as they accommodate input representations which avoid designing and calculating features. Mounting evidence from domains that use images as input shows that deep convolutional networks are vulnerable to adversarial samples, in which a small perturbation of an instance can cause the DNN to misclassify. However, it remains unknown as to whether deep recurrent networks (DRN), which have recently shown promise as algorithm-selectors in the bin-packing domain, are equally vulnerable. We use an evolutionary algorithm (EA) to find perturbations of instances from two existing benchmarks for online bin packing that cause trained DRNs to misclassify: adversarial samples are successfully generated from up to 56% of the original instances depending on the…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Machine Learning and Data Classification
