verification of deep learning systems
play

Verification of Deep Learning Systems Xiaowei Huang, University of - PowerPoint PPT Presentation

Jan 13, 2023 •155 likes •973 views

Verification of Deep Learning Systems Xiaowei Huang, University of Liverpool December 25, 2017 Outline Background Challenges for Verification Deep Learning Verification [2] Feature-Guided Black-Box Testing [3] Conclusions and Future Works

  1. Verification of Deep Learning Systems Xiaowei Huang, University of Liverpool December 25, 2017

  3. Outline Background Challenges for Verification Deep Learning Verification [2] Feature-Guided Black-Box Testing [3] Conclusions and Future Works

  4. Human-Level Intelligence

  5. Robotics and Autonomous Systems

  6. Figure: safety in image classification networks

  7. Figure: safety in natural language processing networks

  8. Figure: safety in voice recognition networks

  9. Figure: safety in security systems

  10. Microsoft Chatbot On 23 Mar 2016, Microsoft launched a new artificial intelligence chat bot that it claims will become smarter the more you talk to it.

  11. Microsoft Chatbot after 24 hours ...

  12. Microsoft Chatbot

  13. Microsoft Chatbot

  14. Major problems and critiques ◮ un-safe, e.g., instability to adversarial examples ◮ hard to explain to human users ◮ ethics, trustworthiness, accountability, etc.

  15. Outline Background Challenges for Verification Deep Learning Verification [2] Feature-Guided Black-Box Testing [3] Conclusions and Future Works

  16. Automated Verification, a.k.a. Model Checking

  17. Robotics and Autonomous Systems Robotic and autonomous systems (RAS) are interactive, cognitive and interconnected tools that perform useful tasks in the real world where we live and work.

  18. Systems for Verification: Paradigm Shifting

  19. System Properties ◮ dependability (or reliability) ◮ human values, such as trustworthiness, morality, ethics, transparency, etc (We have another line of work on the verification of social trust between human and robots [1]) ◮ explainability ?

  20. Verification of Deep Learning

  21. Outline Background Challenges for Verification Deep Learning Verification [2] Safety Definition Challenges Approaches Experimental Results Feature-Guided Black-Box Testing [3] Conclusions and Future Works

  22. Human Driving vs. Autonomous Driving Traffic image from “The German Traffic Sign Recognition Benchmark”

  23. Deep learning verification (DLV) Image generated from our tool Deep Learning Verification (DLV) 1 1 X. Huang and M. Kwiatkowska. Safety verification of deep neural networks . CAV-2017.

  24. Safety Problem: Tesla incident

  25. Deep neural networks all implemented with

  26. Safety Definition: Deep Neural Networks ◮ R n be a vector space of images (points) ◮ f : R n → C , where C is a (finite) set of class labels, models the human perception capability, ◮ a neural network classifier is a function ˆ f ( x ) which approximates f ( x )

  27. Safety Definition: Deep Neural Networks A (feed-forward and deep) neural network N is a tuple ( L , T , Φ), where ◮ L = { L k | k ∈ { 0 , ..., n }} : a set of layers. ◮ T ⊆ L × L : a set of sequential connections between layers, ◮ Φ = { φ k | k ∈ { 1 , ..., n }} : a set of activation functions φ k : D L k − 1 → D L k , one for each non-input layer.

  28. Safety Definition: Illustration

  29. Safety Definition: Traffic Sign Example

  30. Safety Definition: General Safety [General Safety] Let η k ( α x , k ) be a region in layer L k of a neural network N such that α x , k ∈ η k ( α x , k ). We say that N is safe for input x and region η k ( α x , k ), written as N , η k | = x , if for all activations α y , k in η k ( α x , k ) we have α y , n = α x , n .

  31. Challenges Challenge 1: continuous space, i.e., there are an infinite number of points to be tested in the high-dimensional space

  32. Challenges Challenge 2: The spaces are high dimensional Note: a colour image of size 32*32 has the 32*32*3 = 784 dimensions. Note: hidden layers can have many more dimensions than input layer.

  33. Challenges Challenge 3: the functions f and ˆ f are highly non-linear, i.e., safety risks may exist in the pockets of the spaces Figure: Input Layer and First Hidden Layer

  34. Challenges Challenge 4: not only heuristic search but also verification

  35. Approach 1: Discretisation by Manipulations Define manipulations δ k : D L k → D L k over the activations in the vector space of layer k . δ 2 δ 2 δ 1 δ 1 α x,k α x,k δ 3 δ 3 δ 4 δ 4 Figure: Example of a set { δ 1 , δ 2 , δ 3 , δ 4 } of valid manipulations in a 2-dimensional space

  36. ladders, bounded variation, etc η k ( α x,k ) η k ( α x,k ) α x j +1 ,k α x j +1 ,k δ k δ k α x j ,k α x j ,k δ k δ k δ k δ k α x 2 ,k α x 2 ,k α x,k = α x 0 ,k α x,k = α x 0 ,k α x 1 ,k α x 1 ,k δ k δ k δ k δ k δ k δ k Figure: Examples of ladders in region η k ( α x , k ). Starting from α x , k = α x 0 , k , the activations α x 1 , k ...α x j , k form a ladder such that each consecutive activation results from some valid manipulation δ k applied to a previous activation, and the final activation α x j , k is outside the region η k ( α x , k ).

  37. Safety wrt Manipulations [Safety wrt Manipulations] Given a neural network N , an input x and a set ∆ k of manipulations, we say that N is safe for input x with respect to the region η k and manipulations ∆ k , written as N , η k , ∆ k | = x , if the region η k ( α x , k ) is a 0-variation for the set L ( η k ( α x , k )) of its ladders, which is complete and covering. Theorem ( ⇒ ) N , η k | = x (general safety) implies N , η k , ∆ k | = x (safety wrt manipulations).

  38. Minimal Manipulations Define minimal manipulation as the fact that there does not exist a finer manipulation that results in a different classification. Theorem ( ⇐ ) Given a neural network N, an input x, a region η k ( α x , k ) and a set ∆ k of manipulations, we have that N , η k , ∆ k | = x (safety wrt manipulations) implies N , η k | = x (general safety) if the manipulations in ∆ k are minimal.

  39. Approach 2: Layer-by-Layer Refinement Figure: Refinement in general safety

  40. Approach 2: Layer-by-Layer Refinement Figure: Refinement in general safety and safety wrt manipulations

  41. Approach 2: Layer-by-Layer Refinement Figure: Complete refinement in general safety and safety wrt manipulations

  42. Approach 3: Exhaustive Search η k ( α x,k ) η k ( α x,k ) α x j +1 ,k α x j +1 ,k δ k δ k α x j ,k α x j ,k δ k δ k δ k δ k α x 2 ,k α x 2 ,k δ k δ k α x,k = α x 0 ,k α x,k = α x 0 ,k α x 1 ,k α x 1 ,k δ k δ k δ k δ k Figure: exhaustive search (verification) vs. heuristic search

  43. Approach 4: Feature Discovery Natural data, for example natural images and sound, forms a high-dimensional manifold, which embeds tangled manifolds to represent their features. Feature manifolds usually have lower dimension than the data manifold, and a classification algorithm is to separate a set of tangled manifolds.

  44. Approach 4: Feature Discovery

  45. Experimental Results: MNIST Image Classification Network for the MNIST Handwritten Numbers 0 – 9 Total params: 600,810

  46. Experimental Results: MNIST

  47. Experimental Results: GTSRB Image Classification Network for The German Traffic Sign Recognition Benchmark Total params: 571,723

  48. Experimental Results: GTSRB

  49. Experimental Results: GTSRB

  50. Experimental Results: CIFAR-10 Image Classification Network for the CIFAR-10 small images Total params: 1,250,858

  51. Experimental Results: CIFAR-10

  52. Experimental Results: imageNet Image Classification Network for the ImageNet dataset, a large visual database designed for use in visual object recognition software research. Total params: 138,357,544

  53. Experimental Results: ImageNet

  54. Outline Background Challenges for Verification Deep Learning Verification [2] Feature-Guided Black-Box Testing [3] Preliminaries Safety Testing Experimental Results Conclusions and Future Works

  55. Contributions Contributions: ◮ feature guided black-box ◮ theoretical safety guarantee, with evidence of practical convergence ◮ time efficiency, moving towards real-time detection ◮ evaluation of safety-critical systems ◮ counter-claiming a recent statement

  56. Black-box vs. White-box

  57. Human Perception by Feature Extraction Figure: Illustration of the transformation of an image into a saliency distribution. ◮ (a) The original image α , provided by ImageNet. ◮ (b) The image marked with relevant keypoints Λ( α ). ◮ (c) The heatmap of the Gaussian mixture model G (Λ( α )).

  58. Human Perception as Gaussian Mixture Model SIFT: ◮ invariant to image translation, scaling, and rotation, ◮ partially invariant to illumination changes and ◮ robust to local geometric distortion

  59. Pixel Manipulation define pixel manipulations δ X , i : D → D for X ⊆ P 0 a subset of input dimensions and i ∈ I :  α ( x , y , z ) + τ, if ( x , y ) ∈ X and i = +  δ X , i ( α )( x , y , z ) = α ( x , y , z ) − τ, if ( x , y ) ∈ X and i = − α ( x , y , z ) otherwise 

  60. Safety Testing as Two-Player Turn-based Game

  61. Rewards under Strategy Profile σ = ( σ 1 , σ 2 ) ◮ For terminal nodes, ρ ∈ Path F I , 1 R ( σ, ρ ) = sev α ( α ′ ρ ) where sev α ( α ′ ) is severity of an image α ′ , comparing to the original image α ◮ For non-terminal nodes, simply compute the reward by applying suitable strategy σ i on the rewards of the children nodes

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verification of Robotics and Autonomous Deep Learning Verification Systems Safety Definition

Verification of Robotics and Autonomous Deep Learning Verification Systems Safety Definition

Verification of Robotics and Autonomous Systems Xiaowei Huang Challenges Verification of Robotics and Autonomous Deep Learning Verification Systems Safety Definition Challenges Approaches Experimental Results Verification in Xiaowei

1.21k views • 99 slides
DSC 102 Systems for Scalable Analytics Arun Kumar Topic 6: Deep Learning Systems 1 Outline

DSC 102 Systems for Scalable Analytics Arun Kumar Topic 6: Deep Learning Systems 1 Outline

DSC 102 Systems for Scalable Analytics Arun Kumar Topic 6: Deep Learning Systems 1 Outline Rise of Deep Learning Methods Deep Learning Systems: Specification Deep Learning Systems: Execution Future of Deep Learning Systems

561 views • 25 slides
EFFECTIVE FACE VERIFICATION SYSTEMS BASED ON THE HISTOGRAM OF ORIENTED GRADIENTS AND DEEP

EFFECTIVE FACE VERIFICATION SYSTEMS BASED ON THE HISTOGRAM OF ORIENTED GRADIENTS AND DEEP

EFFECTIVE FACE VERIFICATION SYSTEMS BASED ON THE HISTOGRAM OF ORIENTED GRADIENTS AND DEEP LEARNING TECHNIQUES Sawitree Khunthi, Pichada Saichua and Olarik Surinta Present at the 14 th International Joint Symposium on Artificial Intelligence and

309 views • 18 slides
Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490 HST.506 Guest Lecturer: Brandon Carter Prof. David Gifford Lecture 5 February 20, 2020 Deep Learning Model Interpretation http://mit6874.github.io 1

826 views • 53 slides
Minjie Wang Deep Learning Deep Learning trend in the past 10 years Caffe State-of-art DL

Minjie Wang Deep Learning Deep Learning trend in the past 10 years Caffe State-of-art DL

Tofu: Parallelizing Deep Learning Systems with Automatic Tiling Minjie Wang Deep Learning Deep Learning trend in the past 10 years Caffe State-of-art DL system is based on dataflow GPU#0 w1 w2 data g1 g2 Forward propagation

405 views • 38 slides
CSE 291D/234 Data Systems for Machine Learning Arun Kumar Topic 2: Deep Learning Systems DL

CSE 291D/234 Data Systems for Machine Learning Arun Kumar Topic 2: Deep Learning Systems DL

CSE 291D/234 Data Systems for Machine Learning Arun Kumar Topic 2: Deep Learning Systems DL book; Chapters 5 and 6 of MLSys book 1 Academic ML 101 Generalized Linear Models (GLMs); from statistics Bayesian Networks ; inspired by causal

1.16k views • 79 slides
From Deep Learning to Deep University: Cognitive Development of Intelligent Systems Mariia

From Deep Learning to Deep University: Cognitive Development of Intelligent Systems Mariia

From Deep Learning to Deep University: Cognitive Development of Intelligent Systems Mariia Golovianko, Svitlana Gryshko & Vagan Terziyan IKC-2017, Gda sk, Poland, 11-12 September 2017 Check updates here:

558 views • 36 slides
Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content

Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content

Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content contributions: Earlence Fernandes, Kevin Eykholt, Chaowei Xiao, Amir Rahmati, Florian Tramer, Bo Li, Atul Prakash, Tadayoshi Kohno, Dawn Song Deep Learning

556 views • 44 slides
Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning Sanjit A. Seshia EECS Department UC Berkeley Joint work with Susmit Jha (UTC) Dagstuhl Seminar Verified SW Working Group August 2014 July

661 views • 28 slides
Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490 HST.506 David Gifford Lecture 20 April 21, 2020 COVID-19 Machine Learning Designed Therapeutics http://mit6874.github.io 1 Overview of todays

1.1k views • 84 slides
Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490 HST.506 David Gifford Lecture 19 April 16, 2020 Predicting genome editing outcomes with machine learning methods http://mit6874.github.io 1 Poll

666 views • 66 slides
Hao Su July 6, 2017 Outline Overview of 3D deep learning 3D deep learning algorithms

Hao Su July 6, 2017 Outline Overview of 3D deep learning 3D deep learning algorithms

Deep 3D Representation Learning for Visual Computing Hao Su July 6, 2017 Outline Overview of 3D deep learning 3D deep learning algorithms Conclusion 2 Outline Overview of 3D deep learning Background 3D deep learning tasks 3D deep

1.66k views • 122 slides
Collaborative Deep Learning for Recommender Systems Hao Wang Naiyan Wang Dit-Yan Yeung 1

Collaborative Deep Learning for Recommender Systems Hao Wang Naiyan Wang Dit-Yan Yeung 1

Collaborative Deep Learning for Recommender Systems Hao Wang Naiyan Wang Dit-Yan Yeung 1 Motivation Stacked Denoising Autoencoders Probabilistic Matrix Factorization Collaborative Deep Learning Experiments Summary

724 views • 46 slides
ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP

ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP

ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP LEARNING EVERYWHERE INTERNET & CLOUD MEDICINE & BIOLOGY MEDIA & ENTERTAINMENT SECURITY & DEFENSE AUTONOMOUS MACHINES Image

307 views • 26 slides
Deep Learning for Automated Systems: From the Warehouse to the Road Dr. Melissa C. Smith Clemson

Deep Learning for Automated Systems: From the Warehouse to the Road Dr. Melissa C. Smith Clemson

Deep Learning for Automated Systems: From the Warehouse to the Road Dr. Melissa C. Smith Clemson University Future Computing Technologies Laboratory Eddie Weill, Sufeng Niu, Colin Targonski, and Ben Shealy Overview Simulation Using deep

672 views • 28 slides
Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice Scaling up DL 2 What is Deep Learning? 3 DEEP LEARNING EVERYWHERE INTERNET & CLOUD MEDICINE & BIOLOGY SECURITY & DEFENSE MEDIA &

1.45k views • 39 slides
Ava: From data to insights through conversations A review by Apaar Shanker DATA ANALYTICS

Ava: From data to insights through conversations A review by Apaar Shanker DATA ANALYTICS

Ava: From data to insights through conversations A review by Apaar Shanker DATA ANALYTICS USING DEEP LEARNING GT CS 8803 // FALL 2018 // Paper under review Ava: From Data to Insights Through Conversation Authors: Rogers Jeffrey Leo John 1 ,

323 views • 15 slides
SMART HOME OVER IRC HAVING A CHAT WITH YOUR TOASTER 1 Motivation In this Lab you will

SMART HOME OVER IRC HAVING A CHAT WITH YOUR TOASTER 1 Motivation In this Lab you will

create your own exercise Joshua Koutny, Simon Anlauff | Team 204 SMART HOME OVER IRC HAVING A CHAT WITH YOUR TOASTER 1 Motivation In this Lab you will Create your own Smart Space Connect devices over a chat protocol Message

487 views • 15 slides
Chatbot models, NLU & ASR Pierre Lison IN4080 : Natural Language Processing (Fall 2020)

Chatbot models, NLU & ASR Pierre Lison IN4080 : Natural Language Processing (Fall 2020)

www.nr.no Chatbot models, NLU & ASR Pierre Lison IN4080 : Natural Language Processing (Fall 2020) 12.10.2020 Plan for today Obligatory assignment Chatbot models (cont'd) Natural Language Understanding (NLU) for dialogue

1.33k views • 29 slides
Worms & Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Worms & Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Worms & Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 21, 2011 Announcements HKN reviewing today, 12:15PM Final exam

987 views • 31 slides
Dialogue Quality and Nugget Detection for Short Text Conversation (STC-3) based on Hierarchical

Dialogue Quality and Nugget Detection for Short Text Conversation (STC-3) based on Hierarchical

WIDM @ NTCIR-14 STC-3 Task: Dialogue Quality and Nugget Detection for Short Text Conversation (STC-3) based on Hierarchical Multi-Stack Model with Memory Enhance Structure NATIONAL CENTRAL UNIVERSITY, TAOYUAN, TAIWAN AUTHORS : HSIANG-EN CHERNG

984 views • 49 slides
Improving Domain Independent Question Parsing with Synthetic Treebanks COLING 2018: LAW-MWE-CxG

Improving Domain Independent Question Parsing with Synthetic Treebanks COLING 2018: LAW-MWE-CxG

Improving Domain Independent Question Parsing with Synthetic Treebanks COLING 2018: LAW-MWE-CxG Halim-Antoine Boukaram , Nizar Habash, Micheline Ziadee, and Majd Sakr American University of Science and Technology, Lebanon New York

294 views • 25 slides
C hatti ng w i th I n C hat C hatbots f or Resear ch Purposes I n C hat H ands O n C

C hatti ng w i th I n C hat C hatbots f or Resear ch Purposes I n C hat H ands O n C

C hatti ng w i th I n C hat C hatbots f or Resear ch Purposes I n C hat H ands O n C ase studi es D esi gni ng di al ogues Rapi d testi ng w i th hum an chatbot depl oym ent Refl ect & shar e pr oposed di

519 views • 25 slides
Neural Conversational Models Human: What is the purpose of living? Machine: To live forever.

Neural Conversational Models Human: What is the purpose of living? Machine: To live forever.

Neural Conversational Models Human: What is the purpose of living? Machine: To live forever. Berkay Antmen March 8, 2016 Conversational model Purpose: Given previous sentences of the dialogue and context, output a response Why?

545 views • 28 slides

More recommend