Fast Reliability Estimation for Neural Networks with Adversarial Attack-Driven Importance Sampling

TIT, Karim; Furon, Teddy

Download

Paper published in a journal (Scientific congresses, symposiums and conference proceedings)

Fast Reliability Estimation for Neural Networks with Adversarial Attack-Driven Importance Sampling

TIT, Karim; Furon, Teddy

2024 • In Proceedings of Machine Learning Research, 244, p. 3356 - 3367

Peer Reviewed verified by ORBi

Permalink
https://hdl.handle.net/10993/67363

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

tit24a.pdf

Author postprint (776.31 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Cross entropy; Empirical validation; High dimensional data; MonteCarlo methods; Neural-networks; Rare event simulation; Reliability estimation; Reliability techniques; Statistics and Probability; Artificial Intelligence

Abstract :

[en] This paper introduces a novel approach to evaluate the reliability of Neural Networks (NNs) by integrating adversarial attacks with Importance Sampling (IS), enhancing the assessment’s precision and efficiency. Leveraging adversarial attacks to guide IS, our method efficiently identifies vulnerable input regions, offering a more directed alternative to traditional Monte Carlo methods. While comparing our approach with classical reliability techniques like FORM and SORM, and with classical rare event simulation methods such as Cross-Entropy IS, we acknowledge its reliance on the effectiveness of adversarial attacks and its inability to handle very high-dimensional data such as ImageNet. Despite these challenges, our comprehensive empirical validations on the datasets the MNIST and CIFAR10 demonstrate the method’s capability to accurately estimate NN reliability for a variety of models. Our research not only presents an innovative strategy for reliability assessment in NNs but also sets the stage for further work exploiting the connection between adversarial robustness and the field of statistical reliability engineering.

Disciplines :

Computer science

Author, co-author :

TIT, Karim ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal ; Inria, CNRS, IRISA, University of Rennes, Rennes, France

Furon, Teddy; Inria, CNRS, IRISA, University of Rennes, Rennes, France

External co-authors :

yes

Language :

English

Title :

Fast Reliability Estimation for Neural Networks with Adversarial Attack-Driven Importance Sampling

Publication date :

April 2024

Event name :

Fortieth Conference on Uncertainty in Artificial Intelligence

Event place :

Barcelona, Esp

Event date :

15-07-2024 => 19-07-2024

Journal title :

Proceedings of Machine Learning Research

eISSN :

2640-3498

Publisher :

ML Research Press

Volume :

244

Pages :

3356 - 3367

Peer reviewed :

Peer Reviewed verified by ORBi

Funders :

ANR - Agence Nationale de la Recherche

Funding text :

We thank French ANR and AID agencies for funding Chaire SAIDA ANR-20-CHIA-0011-01.

Available on ORBilu :

since 19 January 2026

Statistics

Number of views

11 (0 by Unilu)

Number of downloads

1 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

Siu-Kui Au and James L. Beck. Estimation of small failure probabilities in high dimensions by subset simulation. Probabilistic Engineering Mechanics, 16(4):263-277, 2001. ISSN 0266-8920. doi: https://doi.org/10.1016/S0266-8920(01)00019-4. URL https://www.sciencedirect.com/science/article/pii/S0266892001000194.
Teodora Baluta, Zheng Leong Chua, Kuldeep S. Meel, and Prateek Saxena. Scalable quantitative verification for deep neural networks. In Proc. of Int. Conf. on Software Engineering, 2021.
Nicholas Carlini and David Wagner. Towards evaluating the robustness of neural networks. In 2017 IEEE Symposium on Security and Privacy (SP), 2017.
Frédéric Cérou, Arnaud Guyader, and Mathias Rousset. Adaptive multilevel splitting: Historical perspective and recent results. Chaos: An Interdisciplinary Journal of Nonlinear Science, 29(4):043108, 04 2019. ISSN 1054-1500. doi: 10.1063/1.5082247. URL https://doi.org/10.1063/1.5082247.
Jia Deng, Wei Dong, Richard Socher, Li-Jia Li, Kai Li, and Li Fei-Fei. Imagenet: A large-scale hierarchical image database. In 2009 IEEE Conference on Computer Vision and Pattern Recognition, pages 248-255, 2009. doi: 10. 1109/CVPR.2009.5206848.
A. Der Kiureghian. Structural and System Reliability. Cambridge University Press, 2022. ISBN 9781108834148. URL https://books.google.fr/books?id= M_JLEAAAQBAJ.
Abraham M. Hasofer and Niels Lind. Exact and invariant second-moment code format. Journal of Engineering Mechanics-asce, 100:111-121, 1974. URL https://api.semanticscholar.org/CorpusID:118986521.
Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. Deep residual learning for image recognition. CoRR, abs/1512.03385, 2015. URL http://arxiv.org/abs/1512.03385.
Damien Jacquemart-Tomi, Jérôme Morio, and François Le Gland. A combined importance splitting and sampling algorithm for rare event estimation. In 2013 Winter Simulations Conference (WSC), pages 1035-1046, 2013. doi: 10.1109/WSC.2013.6721493.
Guy Katz, Clark Barrett, David L. Dill, Kyle Julian, and Mykel J. Kochenderfer. Reluplex: An efficient SMT solver for verifying deep neural networks. In Rupak Majumdar and Viktor Kunčak, editors, Computer Aided Verification, pages 97-117, Cham, 2017. Springer International Publishing. ISBN 978-3-319-63387-9. URL https://arxiv.org/abs/1312.6199.
P.S. Koutsourelakis, H.J. Pradlwarter, and G.I. Schuëller. Reliability of structures in high dimensions, part i: algorithms and applications. Probabilistic Engineering Mechanics, 19(4):409-417, 2004. ISSN 0266-8920. doi: https://doi.org/10.1016/j.probengmech.2004.05.001. URL https://www.sciencedirect.com/science/article/pii/S0266892004000402.
Yann LeCun, Bernhard Boser, John Denker, Donnie Henderson, R. Howard, Wayne Hubbard, and Lawrence Jackel. Handwritten digit recognition with a back-propagation network. In D. Touretzky, editor, Advances in Neural Information Processing Systems, volume 2. Morgan-Kaufmann, 1990. URL https://proceedings.neurips.cc/paper/1989/file/ 53c3bce66e43be4f209556518c2fcb54-Paper. pdf.
Bo Li, Thomas Bengtsson, and Peter Bickel. Curse-of-dimensionality revisited: Collapse of importance sampling in very large scale systems. 01 2005.
Robert E Melchers and André T Beck. Structural reliability analysis and prediction. John wiley & sons, 2018.
André Nataf. Étude graphique de détermination de distributions de probabilités planes dont les marges sont données. Annales de l’ISUP, XI(3):[257]-260, 1962. URL https://hal.science/hal-04095227.
Maura Pintor, Fabio Roli, Wieland Brendel, and Battista Biggio. Fast minimum-norm adversarial attacks through adaptive norm constraints. 2021.
Rüdiger Rackwitz and Bernd Flessler. Structural reliability under combined random load sequences. Computers Structures, 9(5):489-494, 1978. ISSN 0045-7949. doi: https://doi.org/10.1016/0045-7949(78)90046-9. URL https://www.sciencedirect.com/science/article/pii/0045794978900469.
Murray Rosenblatt. Remarks on a multivariate transformation. The Annals of Mathematical Statistics, 23(3): 470-472, 1952. ISSN 00034851. URL http://www.jstor.org/stable/2236692.
Reuven Y. Rubinstein and Dirk P. Kroese. Simulation and the Monte Carlo Method. Wiley Publishing, 3rd edition, 2016. ISBN 1118632168.
Gagandeep Singh, Timon Gehr, Matthew Mirman, Markus Püschel, and Martin Vechev. Fast and effective robustness certification. In S. Bengio, H. Wallach, H. Larochelle, K. Grauman, N. Cesa-Bianchi, and R. Garnett, editors, Advances in Neural Information Processing Systems, volume 31. Curran Associates, Inc., 2018. URL https://proceedings.neurips.cc/paper/2018/file/ f2f446980d8e971ef3da97af089481c3-Paper. pdf.
Karim Tit, Teddy Furon, and Mathias Rousset. Efficient Statistical Assessment of Neural Network Corruption Robustness. In NeurIPS 2021 - 35th Conference on Neural Information Processing Systems, volume 34 of Advances in Neural Information Processing Systems proceedings, Sydney (virtual), Australia, December 2021. URL https://hal.archives-ouvertes.fr/hal-03407011.
Karim Tit, Teddy Furon, and Mathias Rousset. Gradient-informed neural network statistical robustness estimation. In Francisco Ruiz, Jennifer Dy, and Jan-Willem van de Meent, editors, Proceedings of The 26th International Conference on Artificial Intelligence and Statistics, volume 206 of Proceedings of Machine Learning Research, pages 323-334. PMLR, 25-27 Apr 2023. URL https://proceedings.mlr.press/v206/tit23a.html.
A. Wald. Sequential tests of statistical hypotheses. The Annals of Mathematical Statistics, 16(2):117-186, 1945. ISSN 00034851. URL http://www.jstor.org/stable/2235829.
Stefan Webb, Tom Rainforth, Yee Whye Teh, and M Pawan Kumar. A statistical approach to assessing neural network robustness. In International Conference on Learning Representations, 2019.
Lily Weng, Pin-Yu Chen, Lam Nguyen, Mark Squillante, Akhilan Boopathy, Ivan Oseledets, and Luca Daniel. PROVEN: Verifying robustness of neural networks with a probabilistic approach. In Proceedings of the 36th International Conference on Machine Learning, volume 97 of Proceedings of Machine Learning Research, pages 6727-6736. PMLR, 09-15 Jun 2019. URL http://proceedings.mlr.press/v97/weng19a.html.