Provable Repair of Deep Neural Network Defects by Preimage Synthesis and Property Refinement
- URL: http://arxiv.org/abs/2511.07741v1
- Date: Wed, 12 Nov 2025 01:14:13 GMT
- Title: Provable Repair of Deep Neural Network Defects by Preimage Synthesis and Property Refinement
- Authors: Jianan Ma, Jingyi Wang, Qi Xuan, Zhen Wang
- Abstract summary: ProRepair is a novel provable neural network repair framework driven by formal preimage synthesis and property refinement. We evaluate it across four security threats repair tasks on six benchmarks and the results demonstrate it outperforms existing methods in effectiveness, efficiency and scalability.
- Score: 11.183772232721068
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: It is known that deep neural networks may exhibit dangerous behaviors under various security threats (e.g., backdoor attacks, adversarial attacks and safety property violation) and there exists an ongoing arms race between attackers and defenders. In this work, we propose a complementary perspective to utilize recent progress on "neural network repair" to mitigate these security threats and repair various kinds of neural network defects (arising from different security threats) within a unified framework, offering a potential silver bullet solution to real-world scenarios. To substantially push the boundary of existing repair techniques (suffering from limitations such as lack of guarantees, limited scalability, considerable overhead, etc) in addressing more practical contexts, we propose ProRepair, a novel provable neural network repair framework driven by formal preimage synthesis and property refinement. The key intuitions are: (i) synthesizing a precise proxy box to characterize the feature space preimage, which can derive a bounded distance term sufficient to guide the subsequent repair step towards the correct outputs, and (ii) performing property refinement to enable surgical corrections and scale to more complex tasks. We evaluate ProRepair across four security threats repair tasks on six benchmarks and the results demonstrate it outperforms existing methods in effectiveness, efficiency and scalability. For point-wise repair, ProRepair corrects models while preserving performance and achieving significantly improved generalization, with a speedup of 5x to 2000x over existing provable approaches. In region-wise repair, ProRepair successfully repairs all 36 safety property violation instances (compared to 8 by the best existing method), and can handle 18x higher dimensional spaces.
Related papers
- SafeRedir: Prompt Embedding Redirection for Robust Unlearning in Image Generation Models [67.84174763413178]
We introduce SafeRedir, a lightweight inference-time framework for robust unlearning via prompt embedding redirection. We show that SafeRedir achieves effective unlearning capability, high semantic and perceptual preservation, robust image quality, and enhanced resistance to adversarial attacks.
arXiv Detail & Related papers (2026-01-13T15:01:38Z)
- CARE: Decoding Time Safety Alignment via Rollback and Introspection Intervention [68.95008546581339]
Existing decoding-time interventions, such as Contrastive Decoding, often force a severe trade-off between safety and response quality. We propose CARE, a novel framework for decoding-time safety alignment that integrates three key components. The framework achieves a superior balance of safety, quality, and efficiency, attaining a low harmful response rate and minimal disruption to the user experience.
arXiv Detail & Related papers (2025-09-01T04:50:02Z)
- REFINE: Inversion-Free Backdoor Defense via Model Reprogramming [60.554146386198376]
Backdoor attacks on deep neural networks (DNNs) have emerged as a significant security threat. We propose REFINE, an inversion-free backdoor defense method based on model reprogramming.
arXiv Detail & Related papers (2025-02-22T07:29:12Z)
- Patch Synthesis for Property Repair of Deep Neural Networks [15.580097790702508]
We introduce PatchPro, a novel patch-based approach for property-level repair of deep neural networks (DNNs). PatchPro provides specialized repairs for all samples within the robustness neighborhood while maintaining the network's original performance. Our method incorporates formal verification and a mechanism for allocating patch modules, enabling it to defend against adversarial attacks.
arXiv Detail & Related papers (2024-04-02T05:16:59Z)
- FaultGuard: A Generative Approach to Resilient Fault Prediction in Smart Electrical Grids [53.2306792009435]
FaultGuard is the first framework for fault type and zone classification resilient to adversarial attacks.
We propose a low-complexity fault prediction model and an online adversarial training technique to enhance robustness.
Our model outclasses the state-of-the-art for resilient fault prediction benchmarking, with an accuracy of up to 0.958.
arXiv Detail & Related papers (2024-03-26T08:51:23Z)
- Scaling #DNN-Verification Tools with Efficient Bound Propagation and Parallel Computing [57.49021927832259]
Deep Neural Networks (DNNs) are powerful tools that have shown extraordinary results in many scenarios.
However, their intricate designs and lack of transparency raise safety concerns when applied in real-world applications.
Formal Verification (FV) of DNNs has emerged as a valuable solution to provide provable guarantees on the safety aspect.
arXiv Detail & Related papers (2023-12-10T13:51:25Z)
- A Robust Optimisation Perspective on Counterexample-Guided Repair of Neural Networks [2.82532357999662]
We show that counterexample-guided repair can be viewed as a robust optimisation algorithm.
We prove termination for more restrained machine learning models and disprove termination in a general setting.
arXiv Detail & Related papers (2023-01-26T19:00:02Z)
- Causality-based Neural Network Repair [9.356001065771064]
We propose CARE (CAusality-based REpair), a causality-based neural network repair technique.
CARE is able to repair all neural networks efficiently and effectively.
arXiv Detail & Related papers (2022-04-20T07:33:52Z)
- ArchRepair: Block-Level Architecture-Oriented Repairing for Deep Neural Networks [13.661704974188872]
We propose a novel repairing direction for deep neural networks (DNNs) at the block level.
We propose adversarial-aware spectrum analysis for vulnerable block localization.
We also propose the architecture-oriented search-based repairing that relaxes the targeted block to a continuous repairing search space.
arXiv Detail & Related papers (2021-11-26T06:35:15Z)
- Neural Network Repair with Reachability Analysis [10.384532888747993]
Safety is a critical concern for the next generation of autonomy that is likely to rely heavily on deep neural networks for perception and control.
This research proposes a framework to repair unsafe DNNs in safety-critical systems with reachability analysis.
arXiv Detail & Related papers (2021-08-09T17:56:51Z)
- A Self-supervised Approach for Adversarial Robustness [105.88250594033053]
Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNNs) based vision systems.
This paper proposes a self-supervised adversarial training mechanism in the input space.
It provides significant robustness against the unseen adversarial attacks.
arXiv Detail & Related papers (2020-06-08T20:42:39Z)
- Transferable, Controllable, and Inconspicuous Adversarial Attacks on Person Re-identification With Deep Mis-Ranking [83.48804199140758]
We propose a learning-to-mis-rank formulation to perturb the ranking of the system output.
We also perform a black-box attack by developing a novel multi-stage network architecture.
Our method can control the number of malicious pixels by using differentiable multi-shot sampling.
arXiv Detail & Related papers (2020-04-08T18:48:29Z)
This list is automatically generated from the titles and abstracts of the papers in this site.