Predicted Robustness as QoS for Deep Neural Network Models
Yue-Huan Wang¹, Ze-Nan Li¹, Jing-Wei Xu¹,∗, Member, CCF, ACM, Ping Yu¹, Member, CCF, Taolue Chen¹,², and Xiao-Xing Ma¹, Member, CCF, ACM, IEEE
¹ State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China
² Department of Computer Science, University of Surrey, Guildford, GU2 7XH, U.K.
E-mail: {wangyuehuan, lizenan}@smail.nju.edu.cn; {jingweix, yuping}@nju.edu.cn; [email protected]
E-mail: [email protected]
Received March 31, 2020; revised July 29, 2020.
Abstract
The adoption of deep neural network (DNN) models as an integral part of real-world software systems necessitates explicit consideration of their quality of service (QoS). It is well known that DNN models are prone to adversarial attacks, and thus it is vitally important to be aware of how robust a model's prediction is for a given input instance. A fragile prediction, even with high confidence, is not trustworthy in light of the possibility of adversarial attacks. We propose that DNN models should produce a robustness value as an additional QoS indicator, along with the confidence value, for each prediction they make. Existing approaches for robustness computation are based on adversarial searching, which is usually too expensive to be exercised in real time. In this paper, we propose to predict, rather than to compute, the robustness measure for each input instance. Specifically, our approach inspects the output of the neurons of the target model and trains another DNN model to predict the robustness. We focus on convolutional neural network (CNN) models in the current research. Experiments show that our approach is accurate, with only 10%–34% additional errors compared with the offline heavy-weight robustness analysis. It also significantly outperforms some alternative methods. We further validate the effectiveness of the approach when it is applied to detect adversarial attacks and out-of-distribution input. Our approach demonstrates a better performance than, or at least is comparable to, the state-of-the-art techniques.
Keywords: deep neural network, quality of service, robustness, prediction
1 Introduction
Deep learning (DL) has demonstrated surprising power in various challenging tasks such as natural language processing [1], speech recognition [2], image processing [3], recommendation systems [4, 5], gaming [6] and even sentiment analysis for human beings [7], which are hard to accomplish using conventional methods. Consequently, deep neural network (DNN) models are increasingly adopted in real-world applications, including some safety-critical scenarios such as self-driving [8], disease diagnosis [9], and malware detection [10].
However, different from conventional software artifacts, DNN models provide little guarantee about their quality of service (QoS) on each individual input other than the inaccurate confidence value [11, 12]. This is largely due to the inductive nature of statistical machine learning and the lack of i
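The abstract's point that a confident prediction can still be fragile, shown as an added example (not code from the paper): for a linear softmax classifier the minimal L2 perturbation that changes the label has a closed form, so confidence and robustness can be reported side by side for each prediction. The weights, thresholds and function names are constructed for illustration; the paper targets CNNs, where no such closed form exists and the value is predicted by a second DNN.

```python
import math

# Constructed 3-class linear softmax model over 2 features (an assumption, not from the paper).
W = [[40.0, 0.0], [-40.0, 0.0], [0.0, 1.0]]
B = [0.0, 0.0, 0.0]

def logits(x):
    return [sum(w * xi for w, xi in zip(row, x)) + b for row, b in zip(W, B)]

def predict_with_qos(x):
    """Return (label, confidence, robustness radius, nearest rival class)."""
    z = logits(x)
    c = max(range(len(z)), key=z.__getitem__)
    exps = [math.exp(v - z[c]) for v in z]   # stable softmax: z[c] is the maximum
    confidence = 1.0 / sum(exps)
    # Exact L2 distance from x to each decision boundary {z_c = z_j} of a linear model.
    radius, rival = min(
        ((z[c] - z[j]) / math.dist(W[c], W[j]), j) for j in range(len(z)) if j != c
    )
    return c, confidence, radius, rival

def push_toward_boundary(x, scale):
    """Move x by scale * radius along the shortest path to the nearest boundary."""
    c, _, radius, rival = predict_with_qos(x)
    norm = math.dist(W[c], W[rival])
    step = scale * radius
    return [xi - step * (wc - wj) / norm for xi, wc, wj in zip(x, W[c], W[rival])]

def trustworthy(x, min_confidence=0.95, eps=0.25):
    """Accept a prediction only if it is confident AND robust to L2 noise of size eps."""
    _, confidence, radius, _ = predict_with_qos(x)
    return confidence >= min_confidence and radius > eps

if __name__ == "__main__":
    # Constructed inputs: both clear the confidence threshold, only one clears eps.
    for name, x in [("fragile", [0.1, 0.0]), ("robust", [1.0, 0.0])]:
        label, conf, radius, _ = predict_with_qos(x)
        print(f"{name}: label={label} conf={conf:.4f} radius={radius:.4f} "
              f"trusted={trustworthy(x)}")
```

Both inputs pass a confidence-only gate at 0.95; only the robustness radius separates them, which is the role the abstract assigns to robustness as a second QoS indicator.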