BIROn - Birkbeck Institutional Research Online

    Predicted robustness as QoS for Deep Neural Network Models

    Wang, Y.-H. and Li, Z.-N. and Xu, J.W. and Yu, P. and Chen, Taolue and Ma, X.X. (2020) Predicted robustness as QoS for Deep Neural Network Models. Journal of Computer Science and Technology 35 (5), pp. 999-1015. ISSN 1000-9000.

    [img]
    Preview
    Text
    main.pdf - Author's Accepted Manuscript

    Download (511kB) | Preview

    Abstract

    The adoption of deep neural network (DNN) model as the integral part of real-world software systems necessitates explicit consideration of their quality-of-service (QoS). It is well-known that DNN models are prone to adversarial attacks, and thus it is vitally important to be aware of how robust a model’s prediction is for a given input instance. A fragile prediction, even with high confidence, is not trustworthy in light of the possibility of adversarial attacks. We propose that DNN models should produce a robustness value as an additional QoS indicator, along with the confidence value, for each prediction they make. Existing approaches for robustness computation are based on adversarial searching, which are usually too expensive to be excised in real time. In this paper, we propose to predict, rather than to compute, the robustness measure for each input instance. Specifically, our approach inspects the output of the neurons of the target model and trains another DNN model to predict the robustness. We focus on convolutional neural network (CNN) models in the current research. Experiments show that our approach is accurate, with only 10%–34% additional errors compared with the offline heavy-weight robustness analysis. It also significantly outperforms some alternative methods. We further validate the effectiveness of the approach when it is applied to detect adversarial attacks and out-of-distribution input. Our approach demonstrates a better performance than, or at least is comparable to, the state-of-the-art techniques.

    Metadata

    Item Type: Article
    Additional Information: The final publication is available at Springer via the link above.
    School: School of Business, Economics & Informatics > Computer Science and Information Systems
    Depositing User: Taolue Chen
    Date Deposited: 06 Jul 2021 14:41
    Last Modified: 30 Sep 2021 00:10
    URI: https://eprints.bbk.ac.uk/id/eprint/44958

    Statistics

    Downloads
    Activity Overview
    6Downloads
    29Hits

    Additional statistics are available via IRStats2.

    Archive Staff Only (login required)

    Edit/View Item Edit/View Item