An empirical study on correlation between coverage and robustness for deep neural networks
Deep neural networks (DNN) are increasingly applied in safety-critical systems, e.g., for face recognition, autonomous car control and malware detection. It is also shown that DNNs are subject to attacks such as adversarial perturbation and thus must be properly tested. Many coverage criteria for DN...
Saved in:
| Main Authors: | , , , , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2020
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/5942 https://ink.library.smu.edu.sg/context/sis_research/article/6945/viewcontent/Emp_coverage_robustness_DNN_2020_av.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-6945 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-69452021-05-17T08:51:58Z An empirical study on correlation between coverage and robustness for deep neural networks DONG, Yizhen ZHANG, Peixin WANG, Jingyi LIU, Shuang SUN, Jun HAO, Jianye WANG, Xinyu WANG, Li DONG, Jinsong DAI, Ting Deep neural networks (DNN) are increasingly applied in safety-critical systems, e.g., for face recognition, autonomous car control and malware detection. It is also shown that DNNs are subject to attacks such as adversarial perturbation and thus must be properly tested. Many coverage criteria for DNN since have been proposed, inspired by the success of code coverage criteria for software programs. The expectation is that if a DNN is well tested (and retrained) according to such coverage criteria, it is more likely to be robust. In this work, we conduct an empirical study to evaluate the relationship between coverage, robustness and attack/defense metrics for DNN. Our study is the largest to date and systematically done based on 100 DNN models and 25 metrics. One of our findings is that there is limited correlation between coverage and robustness, i.e., improving coverage does not help improve the robustness. Our dataset and implementation have been made available to serve as a benchmark for future studies on testing DNN. 2020-03-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/5942 info:doi/10.1109/ICECCS51672.2020.00016 https://ink.library.smu.edu.sg/context/sis_research/article/6945/viewcontent/Emp_coverage_robustness_DNN_2020_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Complex networks Deep neural networks Face recognition Malware Safety engineering Statistical tests Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Complex networks Deep neural networks Face recognition Malware Safety engineering Statistical tests Software Engineering |
| spellingShingle |
Complex networks Deep neural networks Face recognition Malware Safety engineering Statistical tests Software Engineering DONG, Yizhen ZHANG, Peixin WANG, Jingyi LIU, Shuang SUN, Jun HAO, Jianye WANG, Xinyu WANG, Li DONG, Jinsong DAI, Ting An empirical study on correlation between coverage and robustness for deep neural networks |
| description |
Deep neural networks (DNN) are increasingly applied in safety-critical systems, e.g., for face recognition, autonomous car control and malware detection. It is also shown that DNNs are subject to attacks such as adversarial perturbation and thus must be properly tested. Many coverage criteria for DNN since have been proposed, inspired by the success of code coverage criteria for software programs. The expectation is that if a DNN is well tested (and retrained) according to such coverage criteria, it is more likely to be robust. In this work, we conduct an empirical study to evaluate the relationship between coverage, robustness and attack/defense metrics for DNN. Our study is the largest to date and systematically done based on 100 DNN models and 25 metrics. One of our findings is that there is limited correlation between coverage and robustness, i.e., improving coverage does not help improve the robustness. Our dataset and implementation have been made available to serve as a benchmark for future studies on testing DNN. |
| format |
text |
| author |
DONG, Yizhen ZHANG, Peixin WANG, Jingyi LIU, Shuang SUN, Jun HAO, Jianye WANG, Xinyu WANG, Li DONG, Jinsong DAI, Ting |
| author_facet |
DONG, Yizhen ZHANG, Peixin WANG, Jingyi LIU, Shuang SUN, Jun HAO, Jianye WANG, Xinyu WANG, Li DONG, Jinsong DAI, Ting |
| author_sort |
DONG, Yizhen |
| title |
An empirical study on correlation between coverage and robustness for deep neural networks |
| title_short |
An empirical study on correlation between coverage and robustness for deep neural networks |
| title_full |
An empirical study on correlation between coverage and robustness for deep neural networks |
| title_fullStr |
An empirical study on correlation between coverage and robustness for deep neural networks |
| title_full_unstemmed |
An empirical study on correlation between coverage and robustness for deep neural networks |
| title_sort |
empirical study on correlation between coverage and robustness for deep neural networks |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2020 |
| url |
https://ink.library.smu.edu.sg/sis_research/5942 https://ink.library.smu.edu.sg/context/sis_research/article/6945/viewcontent/Emp_coverage_robustness_DNN_2020_av.pdf |
| _version_ |
1770575699817529344 |