Model-Agnostic Reachability Analysis on Deep Neural Networks

Chi Zhang; Wenjie Ruan; Fu Wang; Peipei Xu; Geyong Min; Xiaowei Huang

doi:10.1007/978-3-031-33374-3_27

Model-Agnostic Reachability Analysis on Deep Neural Networks

Chi Zhang
, Wenjie Ruan (Lead / Corresponding author)
, Fu Wang
, Peipei Xu
, Geyong Min
, Xiaowei Huang

Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Verification plays an essential role in the formal analysis of safety-critical systems. Most current verification methods have specific requirements when working on Deep Neural Networks (DNNs). They either target one particular network category, e.g., Feedforward Neural Networks (FNNs), or networks with specific activation functions, e.g., ReLU. In this paper, we develop a model-agnostic verification framework, called DeepAgn, and show that it can be applied to FNNs, Recurrent Neural Networks (RNNs), or a mixture of both. Under the assumption of Lipschitz continuity, DeepAgn analyses the reachability of DNNs based on a novel optimisation scheme with a global convergence guarantee. It does not require access to the network’s internal structures, such as layers and parameters. Through reachability analysis, DeepAgn can tackle several well-known robustness problems, including computing the maximum safe radius for a given input, and generating the ground-truth adversarial example. We also empirically demonstrate DeepAgn’s superior capability and efficiency in handling a broader class of deep neural networks, including both FNNs and RNNs with very deep layers and millions of neurons, than other state-of-the-art verification approaches. Our tool is available at https://github.com/TrustAI/DeepAgn

Original language	English
Title of host publication	Advances in Knowledge Discovery and Data Mining
Subtitle of host publication	27th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2023, Osaka, Japan, May 25–28, 2023, Proceedings, Part I
Editors	Hisashi Kashima, Tsuyoshi Ide, Wen-Chih Peng
Publisher	Springer
Pages	341–354
Volume	13935
ISBN (Electronic)	9783031333743
ISBN (Print)	9783031333736
DOIs	https://doi.org/10.1007/978-3-031-33374-3_27
Publication status	Published - 27 May 2023

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	13935
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Keywords

Verification
Deep Learning
Model-agnostic
Reachability

Access to Document

10.1007/978-3-031-33374-3_27

Cite this

Zhang, C., Ruan, W., Wang, F., Xu, P., Min, G., & Huang, X. (2023). Model-Agnostic Reachability Analysis on Deep Neural Networks. In H. Kashima, T. Ide, & W.-C. Peng (Eds.), Advances in Knowledge Discovery and Data Mining: 27th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2023, Osaka, Japan, May 25–28, 2023, Proceedings, Part I (Vol. 13935, pp. 341–354). (Lecture Notes in Computer Science; Vol. 13935). Springer. https://doi.org/10.1007/978-3-031-33374-3_27

Zhang, Chi ; Ruan, Wenjie ; Wang, Fu et al. / Model-Agnostic Reachability Analysis on Deep Neural Networks. Advances in Knowledge Discovery and Data Mining: 27th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2023, Osaka, Japan, May 25–28, 2023, Proceedings, Part I. editor / Hisashi Kashima ; Tsuyoshi Ide ; Wen-Chih Peng. Vol. 13935 Springer, 2023. pp. 341–354 (Lecture Notes in Computer Science).

@inproceedings{7dd0c805577b48da966e61b3dc7d0030,

title = "Model-Agnostic Reachability Analysis on Deep Neural Networks",

abstract = "Verification plays an essential role in the formal analysis of safety-critical systems. Most current verification methods have specific requirements when working on Deep Neural Networks (DNNs). They either target one particular network category, e.g., Feedforward Neural Networks (FNNs), or networks with specific activation functions, e.g., ReLU. In this paper, we develop a model-agnostic verification framework, called DeepAgn, and show that it can be applied to FNNs, Recurrent Neural Networks (RNNs), or a mixture of both. Under the assumption of Lipschitz continuity, DeepAgn analyses the reachability of DNNs based on a novel optimisation scheme with a global convergence guarantee. It does not require access to the network{\textquoteright}s internal structures, such as layers and parameters. Through reachability analysis, DeepAgn can tackle several well-known robustness problems, including computing the maximum safe radius for a given input, and generating the ground-truth adversarial example. We also empirically demonstrate DeepAgn{\textquoteright}s superior capability and efficiency in handling a broader class of deep neural networks, including both FNNs and RNNs with very deep layers and millions of neurons, than other state-of-the-art verification approaches. Our tool is available at https://github.com/TrustAI/DeepAgn",

keywords = "Verification, Deep Learning, Model-agnostic, Reachability",

author = "Chi Zhang and Wenjie Ruan and Fu Wang and Peipei Xu and Geyong Min and Xiaowei Huang",

note = "{\textcopyright} 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG",

year = "2023",

month = may,

day = "27",

doi = "10.1007/978-3-031-33374-3\_27",

language = "English",

isbn = "9783031333736",

volume = "13935",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "341–354",

editor = "Hisashi Kashima and Tsuyoshi Ide and Wen-Chih Peng",

booktitle = "Advances in Knowledge Discovery and Data Mining",

address = "Germany",

}

Zhang, C, Ruan, W, Wang, F, Xu, P, Min, G & Huang, X 2023, Model-Agnostic Reachability Analysis on Deep Neural Networks. in H Kashima, T Ide & W-C Peng (eds), Advances in Knowledge Discovery and Data Mining: 27th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2023, Osaka, Japan, May 25–28, 2023, Proceedings, Part I. vol. 13935, Lecture Notes in Computer Science, vol. 13935, Springer, pp. 341–354. https://doi.org/10.1007/978-3-031-33374-3_27

Model-Agnostic Reachability Analysis on Deep Neural Networks. / Zhang, Chi; Ruan, Wenjie (Lead / Corresponding author); Wang, Fu et al.
Advances in Knowledge Discovery and Data Mining: 27th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2023, Osaka, Japan, May 25–28, 2023, Proceedings, Part I. ed. / Hisashi Kashima; Tsuyoshi Ide; Wen-Chih Peng. Vol. 13935 Springer, 2023. p. 341–354 (Lecture Notes in Computer Science; Vol. 13935).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Model-Agnostic Reachability Analysis on Deep Neural Networks

AU - Zhang, Chi

AU - Ruan, Wenjie

AU - Wang, Fu

AU - Xu, Peipei

AU - Min, Geyong

AU - Huang, Xiaowei

PY - 2023/5/27

Y1 - 2023/5/27

N2 - Verification plays an essential role in the formal analysis of safety-critical systems. Most current verification methods have specific requirements when working on Deep Neural Networks (DNNs). They either target one particular network category, e.g., Feedforward Neural Networks (FNNs), or networks with specific activation functions, e.g., ReLU. In this paper, we develop a model-agnostic verification framework, called DeepAgn, and show that it can be applied to FNNs, Recurrent Neural Networks (RNNs), or a mixture of both. Under the assumption of Lipschitz continuity, DeepAgn analyses the reachability of DNNs based on a novel optimisation scheme with a global convergence guarantee. It does not require access to the network’s internal structures, such as layers and parameters. Through reachability analysis, DeepAgn can tackle several well-known robustness problems, including computing the maximum safe radius for a given input, and generating the ground-truth adversarial example. We also empirically demonstrate DeepAgn’s superior capability and efficiency in handling a broader class of deep neural networks, including both FNNs and RNNs with very deep layers and millions of neurons, than other state-of-the-art verification approaches. Our tool is available at https://github.com/TrustAI/DeepAgn

AB - Verification plays an essential role in the formal analysis of safety-critical systems. Most current verification methods have specific requirements when working on Deep Neural Networks (DNNs). They either target one particular network category, e.g., Feedforward Neural Networks (FNNs), or networks with specific activation functions, e.g., ReLU. In this paper, we develop a model-agnostic verification framework, called DeepAgn, and show that it can be applied to FNNs, Recurrent Neural Networks (RNNs), or a mixture of both. Under the assumption of Lipschitz continuity, DeepAgn analyses the reachability of DNNs based on a novel optimisation scheme with a global convergence guarantee. It does not require access to the network’s internal structures, such as layers and parameters. Through reachability analysis, DeepAgn can tackle several well-known robustness problems, including computing the maximum safe radius for a given input, and generating the ground-truth adversarial example. We also empirically demonstrate DeepAgn’s superior capability and efficiency in handling a broader class of deep neural networks, including both FNNs and RNNs with very deep layers and millions of neurons, than other state-of-the-art verification approaches. Our tool is available at https://github.com/TrustAI/DeepAgn

KW - Verification

KW - Deep Learning

KW - Model-agnostic

KW - Reachability

U2 - 10.1007/978-3-031-33374-3_27

DO - 10.1007/978-3-031-33374-3_27

M3 - Conference contribution

SN - 9783031333736

VL - 13935

T3 - Lecture Notes in Computer Science

SP - 341

EP - 354

BT - Advances in Knowledge Discovery and Data Mining

A2 - Kashima, Hisashi

A2 - Ide, Tsuyoshi

A2 - Peng, Wen-Chih

PB - Springer

ER -