Self-checking deep neural networks for anomalies and adversaries in deployment

Deep Neural Networks (DNNs) have been widely adopted, yet DNN models are surprisingly unreliable, which raises significant concerns about their use in critical domains. In this work, we propose that runtime DNN mistakes can be quickly detected and properly dealt with in deployment, especially in settings like self-driving vehicles. Just as the software engineering (SE) community has developed effective mechanisms and techniques to monitor and check programmed components, our previous work, SelfChecker, is designed to monitor and correct DNN predictions given unintended abnormal test data. SelfChecker triggers an alarm if the decisions given by the internal layer features of the model are inconsistent with the final prediction and provides advice in the form of an alternative prediction. In this paper, we extend SelfChecker to the security domain. Specifically, we describe SelfChecker++, which we designed to target both unintended abnormal test data and intended adversarial samples. Technically, we develop a technique which can transform any runtime inputs triggering alarms into semantically equivalent inputs, then we feed those transformed inputs to the model. Such runtime transformation nullifies any intended crafted samples, making the model immune to adversarial attacks that craft adversarial samples. We evaluated the alarm accuracy of SelfChecker++ on three DNN models and four popular image datasets, and found that SelfChecker++ triggers correct alarms on 63.10% of wrong DNN predictions, and triggers false alarms on 5.77% of correct DNN predictions. We also evaluated the effectiveness of SelfChecker++ in detecting adversarial examples and found it detects on average 70.09% of such samples with advice accuracy that is 20.89% higher than the original DNN model and 18.37% higher than SelfChecker.

Bibliographic Details
Main Authors: XIAO, Yan, BESCHASTNIKH, Ivan, LIN, Yun, HUNDAL, Rajdeep Singh, XIE, Xiaofei, ROSENBLUM, David S., DONG, Jin Song
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University, 2022-08-01
Collection: Research Collection School Of Computing and Information Systems
DOI: 10.1109/TDSC.2022.3200421
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Subjects: self-checking system; trustworthiness; deep neural networks; adversarial examples; deployment; Artificial Intelligence and Robotics; OS and Networks
Online Access: https://ink.library.smu.edu.sg/sis_research/7493
https://ink.library.smu.edu.sg/context/sis_research/article/8496/viewcontent/tdsc22_selfchecker.pdf
Institution: Singapore Management University