DOI: 10.1145/3324884.3418903
short-paper

Styx: a data-oriented mutation framework to improve the robustness of DNN

Published: 27 January 2021

Abstract

The robustness of deep neural networks (DNNs) is critical and challenging to ensure. In this paper, we propose a general data-oriented mutation framework, called Styx, to improve the robustness of DNNs. Styx generates new training data by slightly mutating the existing training data. In this way, Styx preserves the DNN's accuracy on the test dataset while improving its adaptability to small perturbations, i.e., improving its robustness. We have instantiated Styx for image classification and proposed pixel-level mutation rules that are applicable to any image classification DNN. We have applied Styx to several commonly used benchmarks and compared it with representative adversarial training methods. The preliminary experimental results indicate the effectiveness of Styx.

Cited By

  • (2024) Gas‐centered mutation testing of Ethereum Smart Contracts. Journal of Software: Evolution and Process 36:9. DOI: 10.1002/smr.2672. Online publication date: 12-Apr-2024
  • (2022) Mutation testing in the wild: findings from GitHub. Empirical Software Engineering 27:6. DOI: 10.1007/s10664-022-10177-8. Online publication date: 1-Nov-2022

    Published In

    ASE '20: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering
    December 2020
    1449 pages
    ISBN:9781450367684
    DOI:10.1145/3324884
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    In-Cooperation

    • IEEE CS

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. DNN
    2. adversarial examples
    3. mutation
    4. robustness

    Qualifiers

    • Short-paper

    Funding Sources

    • NSFC
    • National Key R&D Program of China

    Conference

    ASE '20
    Acceptance Rates

    Overall Acceptance Rate 82 of 337 submissions, 24%
