Accelerating Adversarially Robust Model Selection for Deep Neural Networks via Racing

Authors

  • Matthias König Leiden Institute of Advanced Computer Science, Leiden University
  • Holger H. Hoos Leiden Institute of Advanced Computer Science, Leiden University; Chair for AI Methodology, RWTH Aachen University
  • Jan N. van Rijn Leiden Institute of Advanced Computer Science, Leiden University

DOI:

https://doi.org/10.1609/aaai.v38i19.30121

Keywords:

General

Abstract

Recent research has introduced several approaches to formally verify the robustness of neural network models against perturbations in their inputs, such as the ones that occur in adversarial attacks. At the same time, this particular verification task is known to be computationally challenging. More specifically, assessing the robustness of a neural network against input perturbations can easily take several hours of compute time per input vector, even when using state-of-the-art verification approaches. In light of this, it becomes challenging to select from a given set of neural network models the one that is best in terms of robust accuracy, i.e., the fraction of instances for which the model is known to be robust against adversarial perturbations, especially when given limited computing resources. To tackle this problem, we propose a racing method specifically adapted to the domain of robustness verification. This racing method utilises Delta-values, which can be seen as an efficiently computable proxy for the distance between a given input to a neural network model and that model's decision boundary. We present statistical evidence indicating significant differences in the empirical cumulative distribution between robust and non-robust inputs as a function of Delta-values. Using this information, we show that it is possible to reliably expose vulnerabilities in the model with relatively few input iterations. Overall, when applied to selecting the most robust network from sets of 31 MNIST and 27 CIFAR-10 networks, our proposed method achieves speedups of a factor of 108 and 42, respectively, in terms of cumulative running time compared to standard local robustness verification on the complete testing sets.
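The racing idea in the abstract, as an added illustration that is not the authors' code: candidate models are verified one input at a time in ascending order of their Delta-values (inputs closest to the decision boundary first), and a model is eliminated as soon as it could no longer catch the current leader even if all of its unverified inputs turned out robust. The Delta-values and the expensive local robustness verifier are assumptions here, replaced by a constructed pool in which small Delta is more likely to be non-robust.

```python
"""Illustrative racing for robust model selection (not the paper's code).

Assumptions, labelled: Delta-values and the formal robustness verifier are
replaced by constructed stand-ins; in the real method each `robust` entry
would be the outcome of one local robustness verification of one input."""
import random


def make_pool(n_models, n_inputs, seed=0):
    """Construct per-model Delta-values and hidden verification outcomes.
    Constructed so that a small Delta (input close to the decision boundary)
    is more likely to be non-robust, mirroring the abstract's observation."""
    rng = random.Random(seed)
    pool = []
    for m in range(n_models):
        deltas = [rng.random() for _ in range(n_inputs)]
        # later models get a harsher constructed threshold, so are less robust
        robust = [d > rng.random() * (0.3 + 0.15 * m) for d in deltas]
        pool.append({"delta": deltas, "robust": robust})
    return pool


def race(pool):
    """Verify each surviving model's inputs in ascending Delta order; drop any
    model whose robust count so far plus its unverified inputs is still below
    the leader's count so far. Returns (winner_index, verifier_calls_used)."""
    n = len(pool[0]["robust"])
    order = [sorted(range(n), key=m["delta"].__getitem__) for m in pool]
    alive = set(range(len(pool)))
    robust_so_far = [0] * len(pool)
    calls = 0
    for step in range(n):
        for m in alive:
            idx = order[m][step]
            robust_so_far[m] += pool[m]["robust"][idx]  # stands in for one verifier call
            calls += 1
        remaining = n - step - 1
        leader = max(robust_so_far[m] for m in alive)
        # elimination is exact: an eliminated model's final count is provably below the leader's
        alive = {m for m in alive if robust_so_far[m] + remaining >= leader}
        if len(alive) == 1:
            break
    winner = max(alive, key=robust_so_far.__getitem__)
    return winner, calls


def full_verification(pool):
    """Baseline the abstract compares against: verify every input of every model."""
    return [sum(m["robust"]) for m in pool]


if __name__ == "__main__":
    pool = make_pool(n_models=5, n_inputs=300)
    winner, calls = race(pool)
    print(f"winner={winner} robust counts={full_verification(pool)}")
    print(f"racing used {calls} verifier calls vs {5 * 300} for full verification")
```

Because the elimination rule only removes models that are provably behind, the racing winner always has the maximum true robust accuracy; the saving comes from how early the Delta ordering exposes non-robust inputs of the weaker models.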

Published

2024-03-24

How to Cite

König, M., Hoos, H. H., & van Rijn, J. N. (2024). Accelerating Adversarially Robust Model Selection for Deep Neural Networks via Racing. Proceedings of the AAAI Conference on Artificial Intelligence, 38(19), 21267-21275. https://doi.org/10.1609/aaai.v38i19.30121

Section

AAAI Technical Track on Safe, Robust and Responsible AI Track