Freeze-and-mutate: abnormal sample identification for DL applications through model core analysis

IF 2 2区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Automated Software Engineering Pub Date : 2023-01-18 DOI:10.1007/s10515-022-00373-7

Huiyan Wang, Ziqi Chen, Chang Xu

{"title":"Freeze-and-mutate: abnormal sample identification for DL applications through model core analysis","authors":"Huiyan Wang, Ziqi Chen, Chang Xu","doi":"10.1007/s10515-022-00373-7","DOIUrl":null,"url":null,"abstract":"<div>Deep learning (DL) applications, representing an emerging form of new software, are gaining increasing popularity by their intelligent and adaptive services. However, their service reliability depends highly on the prediction accuracy of their internally-integrated DL models. In practice, DL models are often observed to suffer from ill predictions upon abnormal inputs (e.g., adversarial attacking samples, out-of-distribution (OOD) samples, and etc.), and this could easily lead to unexpected behaviors or even catastrophic consequences (e.g., system crash). One promising way to guard the application reliability is to reveal such abnormal inputs in time before they are fed to the DL models integrated in the concerned applications. Then remedy actions (e.g., discarding or fixing these inputs) can be done to protect applications from acting abnormally. Existing work addressed this revealing problem by either making sample distance-comparison based analysis or generating sufficient model mutants for comparative analysis. However, such treatments caused a restricted focus on samples only, while overlooking the DL models themselves, or had to analyze massive mutants, incurring non-negligible overheads to applications. In this article, we propose a novel approach, NetChopper, to conducting a core analysis on the target DL model, and then partitioning it into two parts, one associating closely with the training knowledge being the model core (expected to be important and thus stable), and the other being the remaining part (expected to be immaterial and thus changeable). Based on such partitioning, NetChopper proceeds to preserve (or freeze) the model core, but mutate the remaining part to produce only a small number of model mutants. Later, NetChopper becomes able to reveal abnormal inputs from normal ones by exploiting these model-relevant and light-weight mutants only. We experimentally evaluated NetChopper by widely-used DL subjects (e.g., MNIST+LeNet4, and CIFAR10+VGG16) and typical abnormal inputs (e.g., adversarial and OOD samples). The results reported NetChopper ’s promising AUROC scores in revealing the abnormal degrees of inputs, generally and stably outperforming, or comparably effective as, state-of-the-art techniques (e.g., mMutant, Surprise, and Mahalanobis), and also confirmed its high effectiveness and efficiency (with only marginal online overhead).</div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"30 1","pages":""},"PeriodicalIF":2.0000,"publicationDate":"2023-01-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Automated Software Engineering","FirstCategoryId":"94","ListUrlMain":"https://link.springer.com/article/10.1007/s10515-022-00373-7","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

Deep learning (DL) applications, representing an emerging form of new software, are gaining increasing popularity by their intelligent and adaptive services. However, their service reliability depends highly on the prediction accuracy of their internally-integrated DL models. In practice, DL models are often observed to suffer from ill predictions upon abnormal inputs (e.g., adversarial attacking samples, out-of-distribution (OOD) samples, and etc.), and this could easily lead to unexpected behaviors or even catastrophic consequences (e.g., system crash). One promising way to guard the application reliability is to reveal such abnormal inputs in time before they are fed to the DL models integrated in the concerned applications. Then remedy actions (e.g., discarding or fixing these inputs) can be done to protect applications from acting abnormally. Existing work addressed this revealing problem by either making sample distance-comparison based analysis or generating sufficient model mutants for comparative analysis. However, such treatments caused a restricted focus on samples only, while overlooking the DL models themselves, or had to analyze massive mutants, incurring non-negligible overheads to applications. In this article, we propose a novel approach, NetChopper, to conducting a core analysis on the target DL model, and then partitioning it into two parts, one associating closely with the training knowledge being the model core (expected to be important and thus stable), and the other being the remaining part (expected to be immaterial and thus changeable). Based on such partitioning, NetChopper proceeds to preserve (or freeze) the model core, but mutate the remaining part to produce only a small number of model mutants. Later, NetChopper becomes able to reveal abnormal inputs from normal ones by exploiting these model-relevant and light-weight mutants only. We experimentally evaluated NetChopper by widely-used DL subjects (e.g., MNIST+LeNet4, and CIFAR10+VGG16) and typical abnormal inputs (e.g., adversarial and OOD samples). The results reported NetChopper ’s promising AUROC scores in revealing the abnormal degrees of inputs, generally and stably outperforming, or comparably effective as, state-of-the-art techniques (e.g., mMutant, Surprise, and Mahalanobis), and also confirmed its high effectiveness and efficiency (with only marginal online overhead).

Abstract Image

查看原文本刊更多论文

冻结和突变:通过模型核心分析对DL应用进行异常样本识别

深度学习（DL）应用程序代表了一种新兴的新软件形式，其智能和自适应服务越来越受欢迎。然而，它们的服务可靠性在很大程度上取决于它们内部集成的DL模型的预测准确性。在实践中，DL模型经常被观察到对异常输入（例如，对抗性攻击样本、分布外（OOD）样本等）的预测不佳，这很容易导致意外行为甚至灾难性后果（例如，系统崩溃）。保护应用程序可靠性的一种有前途的方法是在这些异常输入被馈送到集成在相关应用程序中的DL模型之前及时揭示它们。然后可以采取补救措施（例如，丢弃或修复这些输入）来保护应用程序不发生异常行为。现有工作通过进行基于样本距离比较的分析或生成足够的模型突变体进行比较分析来解决这一揭示问题。然而，这样的处理导致仅对样本的关注受到限制，而忽略了DL模型本身，或者必须分析大量突变体，这给应用带来了不可忽略的开销。在本文中，我们提出了一种新的方法NetChopper，对目标DL模型进行核心分析，然后将其分为两部分，一部分与训练知识密切相关，是模型核心（预计是重要的，因此是稳定的），另一部分是剩余部分（预计是非物质的，因此可以更改）。基于这种划分，NetChopper继续保存（或冷冻）模型核心，但对剩余部分进行突变，只产生少量模型突变体。后来，NetChopper能够通过仅利用这些与模型相关的轻量级突变体来揭示正常输入的异常输入。我们通过广泛使用的DL受试者（例如，MNIST+LeNet4和CIFAR10+VGG16）和典型的异常输入（例如，对抗性和OOD样本）对NetChopper进行了实验评估。该结果报告了NetChopper在揭示输入异常程度方面的有希望的AUROC评分，总体上稳定地优于或与最先进的技术（如mMutant、Surprise和Mahalanobis）相当有效，并证实了其高效性和效率（仅具有边际在线开销）。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Automated Software Engineering 工程技术-计算机：软件工程

CiteScore

4.80

自引率

11.80%

发文量

审稿时长

>12 weeks

期刊介绍： This journal details research, tutorial papers, survey and accounts of significant industrial experience in the foundations, techniques, tools and applications of automated software engineering technology. This includes the study of techniques for constructing, understanding, adapting, and modeling software artifacts and processes. Coverage in Automated Software Engineering examines both automatic systems and collaborative systems as well as computational models of human software engineering activities. In addition, it presents knowledge representations and artificial intelligence techniques applicable to automated software engineering, and formal techniques that support or provide theoretical foundations. The journal also includes reviews of books, software, conferences and workshops.