Hierarchical Distribution-Aware Testing of Deep Learning
- URL: http://arxiv.org/abs/2205.08589v2
- Date: Fri, 1 Sep 2023 21:05:16 GMT
- Title: Hierarchical Distribution-Aware Testing of Deep Learning
- Authors: Wei Huang, Xingyu Zhao, Alec Banks, Victoria Cox and Xiaowei Huang
- Abstract summary: Deep Learning (DL) is increasingly used in safety-critical applications, raising concerns about its reliability.
DL suffers from a well-known problem of lacking robustness when faced with adversarial perturbations known as Adversarial Examples (AEs).
We propose a new robustness testing approach for detecting AEs that considers both the feature level distribution and the pixel level distribution.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Deep Learning (DL) is increasingly used in safety-critical applications,
raising concerns about its reliability. DL suffers from a well-known problem of
lacking robustness, especially when faced with adversarial perturbations known
as Adversarial Examples (AEs). Despite recent efforts to detect AEs using
advanced attack and testing methods, these approaches often overlook the input
distribution and perceptual quality of the perturbations. As a result, the
detected AEs may not be relevant in practical applications or may appear
unrealistic to human observers. This can waste testing resources on rare AEs
that seldom occur during real-world use, limiting improvements in DL model
dependability.
In this paper, we propose a new robustness testing approach for detecting AEs
that considers both the feature level distribution and the pixel level
distribution, capturing the perceptual quality of adversarial perturbations.
The two considerations are encoded by a novel hierarchical mechanism. First, we
select test seeds based on the density of feature level distribution and the
vulnerability of adversarial robustness. The vulnerability of test seeds is
indicated by the auxiliary information, which is highly correlated with local
robustness. Given a test seed, we then develop a novel genetic-algorithm-based
local test case generation method, in which two fitness functions work
alternately to control the perceptual quality of detected AEs. Finally,
extensive experiments confirm that our holistic approach considering
hierarchical distributions is superior to state-of-the-art methods that either
disregard any input distribution or only consider a single (non-hierarchical)
distribution, in terms of not only detecting imperceptible AEs but also
improving the overall robustness of the DL model under testing.
Related papers
- CL-Flow: Strengthening the Normalizing Flows by Contrastive Learning for Better Anomaly Detection [1.951082473090397]
We propose a self-supervised anomaly detection approach that combines contrastive learning with 2D-Flow.
Compared to mainstream unsupervised approaches, our self-supervised method demonstrates superior detection accuracy, fewer additional model parameters, and faster inference speed.
Our approach showcases new state-of-the-art results, achieving a performance of 99.6% in image-level AUROC on the MVTecAD dataset and 96.8% in image-level AUROC on the BTAD dataset.
arXiv Detail & Related papers (2023-11-12T10:07:03Z)
- Don't Miss Out on Novelty: Importance of Novel Features for Deep Anomaly Detection [64.21963650519312]
Anomaly Detection (AD) is a critical task that involves identifying observations that do not conform to a learned model of normality.
We propose a novel approach to AD using explainability to capture such novel features as unexplained observations in the input space.
Our approach establishes a new state-of-the-art across multiple benchmarks, handling diverse anomaly types.
arXiv Detail & Related papers (2023-10-01T21:24:05Z)
- Expecting The Unexpected: Towards Broad Out-Of-Distribution Detection [9.656342063882555]
We study five types of distribution shifts and evaluate the performance of recent OOD detection methods on each of them.
Our findings reveal that while these methods excel in detecting unknown classes, their performance is inconsistent when encountering other types of distribution shifts.
We present an ensemble approach that offers a more consistent and comprehensive solution for broad OOD detection.
arXiv Detail & Related papers (2023-08-22T14:52:44Z)
- Conservative Prediction via Data-Driven Confidence Minimization [70.93946578046003]
In safety-critical applications of machine learning, it is often desirable for a model to be conservative.
We propose the Data-Driven Confidence Minimization framework, which minimizes confidence on an uncertainty dataset.
arXiv Detail & Related papers (2023-06-08T07:05:36Z)
- Robustness to Spurious Correlations Improves Semantic Out-of-Distribution Detection [24.821151013905865]
Methods which utilize the outputs or feature representations of predictive models have emerged as promising approaches for out-of-distribution (OOD) detection of image inputs.
We provide a possible explanation for SN-OOD detection failures and propose nuisance-aware OOD detection to address them.
arXiv Detail & Related papers (2023-02-08T15:28:33Z)
- Generalizability of Adversarial Robustness Under Distribution Shifts [57.767152566761304]
We take a first step towards investigating the interplay between empirical and certified adversarial robustness on one hand and domain generalization on another.
We train robust models on multiple domains and evaluate their accuracy and robustness on an unseen domain.
We extend our study to cover a real-world medical application, in which adversarial augmentation significantly boosts the generalization of robustness with minimal effect on clean data accuracy.
arXiv Detail & Related papers (2022-09-29T18:25:48Z)
- Be Your Own Neighborhood: Detecting Adversarial Example by the Neighborhood Relations Built on Self-Supervised Learning [64.78972193105443]
This paper presents a novel AE detection framework, named trustworthy for predictions.
performs the detection by distinguishing the AE's abnormal relation with its augmented versions.
An off-the-shelf Self-Supervised Learning (SSL) model is used to extract the representation and predict the label.
arXiv Detail & Related papers (2022-08-31T08:18:44Z)
- What do we learn? Debunking the Myth of Unsupervised Outlier Detection [9.599183039166284]
We investigate what auto-encoders actually learn when they are posed to solve two different tasks.
We show that state-of-the-art (SOTA) AEs are either unable to constrain the latent manifold and allow reconstruction of abnormal patterns, or they are failing to accurately restore the inputs from their latent distribution.
We propose novel deformable auto-encoders (AEMorphus) to learn perceptually aware global image priors and locally adapt their morphometry.
arXiv Detail & Related papers (2022-06-08T06:36:16Z)
- Exploring Robustness of Unsupervised Domain Adaptation in Semantic Segmentation [74.05906222376608]
We propose adversarial self-supervision UDA (or ASSUDA) that maximizes the agreement between clean images and their adversarial examples by a contrastive loss in the output space.
This paper is rooted in two observations: (i) the robustness of UDA methods in semantic segmentation remains unexplored, which pose a security concern in this field; and (ii) although commonly used self-supervision (e.g., rotation and jigsaw) benefits image tasks such as classification and recognition, they fail to provide the critical supervision signals that could learn discriminative representation for segmentation tasks.
arXiv Detail & Related papers (2021-05-23T01:50:44Z)
- WSSOD: A New Pipeline for Weakly- and Semi-Supervised Object Detection [75.80075054706079]
We propose a weakly- and semi-supervised object detection framework (WSSOD).
An agent detector is first trained on a joint dataset and then used to predict pseudo bounding boxes on weakly-annotated images.
The proposed framework demonstrates remarkable performance on PASCAL-VOC and MSCOCO benchmark, achieving a high performance comparable to those obtained in fully-supervised settings.
arXiv Detail & Related papers (2021-05-21T11:58:50Z)
- Towards Characterizing Adversarial Defects of Deep Learning Software from the Lens of Uncertainty [30.97582874240214]
Adversarial examples (AEs) represent a typical and important type of defects needed to be urgently addressed.
The intrinsic uncertainty nature of deep learning decisions can be a fundamental reason for its incorrect behavior.
We identify and categorize the uncertainty patterns of benign examples (BEs) and AEs, and find that while BEs and AEs generated by existing methods do follow common uncertainty patterns, some other uncertainty patterns are largely missed.
arXiv Detail & Related papers (2020-04-24T07:29:47Z)