PEACEPACT: Prioritizing Examples to Accelerate Perturbation-Based Adversary Generation for DNN Classification Testing

2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2020-12-01 DOI:10.1109/QRS51102.2020.00059

Zijie Li, Long Zhang, Jun Yan, Jian Zhang, Zhenyu Zhang, T. Tse

{"title":"PEACEPACT: Prioritizing Examples to Accelerate Perturbation-Based Adversary Generation for DNN Classification Testing","authors":"Zijie Li, Long Zhang, Jun Yan, Jian Zhang, Zhenyu Zhang, T. Tse","doi":"10.1109/QRS51102.2020.00059","DOIUrl":null,"url":null,"abstract":"Deep neural networks (DNNs) have been widely used in classification tasks. Studies have shown that DNNs may be fooled by artificial examples known as adversaries. A common technique for testing the robustness of a classification is to apply perturbations (such as random noise) to existing examples and try many of them iteratively, but it is very tedious and time-consuming. In this paper, we propose a technique to select adversaries more effectively. We study the vulnerability of examples by exploiting their class distinguishability. In this way, we can evaluate the probability of generating adversaries from each example, and prioritize all the examples accordingly. We have conducted an empirical study using a classic DNN model on four common datasets. The results reveal that the vulnerability of examples has a strong relationship with distinguishability. The effectiveness of our technique is demonstrated through 98.90 to 99.68% improvements in the F-measure.","PeriodicalId":301814,"journal":{"name":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS51102.2020.00059","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

Deep neural networks (DNNs) have been widely used in classification tasks. Studies have shown that DNNs may be fooled by artificial examples known as adversaries. A common technique for testing the robustness of a classification is to apply perturbations (such as random noise) to existing examples and try many of them iteratively, but it is very tedious and time-consuming. In this paper, we propose a technique to select adversaries more effectively. We study the vulnerability of examples by exploiting their class distinguishability. In this way, we can evaluate the probability of generating adversaries from each example, and prioritize all the examples accordingly. We have conducted an empirical study using a classic DNN model on four common datasets. The results reveal that the vulnerability of examples has a strong relationship with distinguishability. The effectiveness of our technique is demonstrated through 98.90 to 99.68% improvements in the F-measure.

查看原文本刊更多论文

PEACEPACT:对示例进行优先排序以加速基于扰动的DNN分类测试对手生成

深度神经网络(dnn)在分类任务中得到了广泛的应用。研究表明，dnn可能会被称为对手的人工样本所愚弄。测试分类鲁棒性的一种常用技术是将扰动(如随机噪声)应用于现有的示例，并迭代地尝试其中的许多示例，但这非常繁琐且耗时。在本文中，我们提出了一种更有效地选择对手的技术。我们通过利用样本的类可分辨性来研究样本的脆弱性。通过这种方式，我们可以评估每个示例生成对手的概率，并相应地对所有示例进行优先级排序。我们使用经典深度神经网络模型对四个常见数据集进行了实证研究。结果表明，样本的脆弱性与可识别性之间存在着密切的关系。我们的技术的有效性通过f测量的98.90到99.68%的改进得到了证明。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)

自引率

0.00%

发文量