Towards verifying robustness of neural networks against a family of semantic perturbations
Author(s)
Mohapatra, Jeet; Weng, Tsui-Wei; Chen, Pin-Yu; Liu, Sijia; Daniel, Luca
Open Access Policy
Creative Commons Attribution-Noncommercial-Share Alike
Terms of use
Metadata
Abstract
Verifying the robustness of neural networks under a specified threat model is a fundamental yet challenging task. While current verification methods mainly focus on the ℓp-norm threat model on the input instances, robustness verification against semantic adversarial attacks that induce large ℓp-norm perturbations, such as color shifting and lighting adjustment, is beyond their capacity. To bridge this gap, we propose Semantify-NN, a model-agnostic and generic robustness verification approach against semantic perturbations for neural networks. By simply inserting our proposed semantic perturbation layers (SP-layers) before the input layer of any given model, Semantify-NN remains model-agnostic, and any ℓp-norm-based verification tool can be used to verify the model's robustness against semantic perturbations. We illustrate the principles of designing the SP-layers and provide examples of semantic perturbations for image classification in the spaces of hue, saturation, lightness, brightness, contrast, and rotation. In addition, we propose an efficient refinement technique that further significantly improves the semantic certificate. Experiments on various network architectures and datasets demonstrate the superior verification performance of Semantify-NN over ℓp-norm-based verification frameworks that naively convert semantic perturbations to ℓp-norm ones. The results show that Semantify-NN can support robustness verification against a wide range of semantic perturbations.
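To make the SP-layer idea concrete, here is a minimal sketch of how a brightness perturbation can be turned into an ordinary input-space perturbation. Everything below is illustrative, not code from the paper: the function names, the scalar brightness model (a uniform additive shift with clipping), and the toy classifier are all assumptions made for this example. The point is that once the SP-layer is prepended, the semantic parameter theta becomes the verification input, so an interval over theta can be handled by any ℓp-norm-based tool.

```python
import numpy as np

def brightness_sp_layer(x, theta):
    """Hypothetical brightness SP-layer: shift every pixel by the scalar
    theta and clip back to the valid [0, 1] intensity range."""
    return np.clip(x + theta, 0.0, 1.0)

def augmented_model(classifier, x, theta):
    """Compose the SP-layer with an arbitrary classifier. For a fixed
    image x, the semantic (brightness) perturbation now appears as a
    1-D perturbation of the new input theta."""
    return classifier(brightness_sp_layer(x, theta))

# Toy linear "classifier" used only for illustration.
def toy_classifier(x):
    return float(x.sum())

x = np.array([0.2, 0.5, 0.9])

# Certifying robustness over brightness shifts theta in [-0.1, 0.1]
# reduces to bounding the augmented model over that interval of theta,
# which an l_inf-style verifier can handle directly.
scores = [augmented_model(toy_classifier, x, t) for t in (-0.1, 0.0, 0.1)]
```

Note how the clipping at 0.9 + 0.1 = 1.0 makes the SP-layer piecewise-linear rather than a pure translation, which is why a naive ℓp-norm ball around the image over-approximates the actual one-parameter perturbation set.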
Date issued
2020-06
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Journal
Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition
Publisher
IEEE
Citation
Mohapatra, Jeet et al. "Towards verifying robustness of neural networks against a family of semantic perturbations." Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Seattle, WA, 13-19 June 2020, IEEE © 2020 The Author(s)
Version: Author's final manuscript
ISBN
9781728171685
ISSN
1063-6919