verification of deep learning systems
play

Verification of Deep Learning Systems Xiaowei Huang, University of - PowerPoint PPT Presentation

Jan 13, 2023 •155 likes •973 views

Verification of Deep Learning Systems Xiaowei Huang, University of Liverpool December 25, 2017 Outline Background Challenges for Verification Deep Learning Verification [2] Feature-Guided Black-Box Testing [3] Conclusions and Future Works

  1. Verification of Deep Learning Systems Xiaowei Huang, University of Liverpool December 25, 2017

  3. Outline Background Challenges for Verification Deep Learning Verification [2] Feature-Guided Black-Box Testing [3] Conclusions and Future Works

  4. Human-Level Intelligence

  5. Robotics and Autonomous Systems

  6. Figure: safety in image classification networks

  7. Figure: safety in natural language processing networks

  8. Figure: safety in voice recognition networks

  9. Figure: safety in security systems

  10. Microsoft Chatbot On 23 Mar 2016, Microsoft launched a new artificial intelligence chat bot that it claims will become smarter the more you talk to it.

  11. Microsoft Chatbot after 24 hours ...

  12. Microsoft Chatbot

  13. Microsoft Chatbot

  14. Major problems and critiques ◮ un-safe, e.g., instability to adversarial examples ◮ hard to explain to human users ◮ ethics, trustworthiness, accountability, etc.

  15. Outline Background Challenges for Verification Deep Learning Verification [2] Feature-Guided Black-Box Testing [3] Conclusions and Future Works

  16. Automated Verification, a.k.a. Model Checking

  17. Robotics and Autonomous Systems Robotic and autonomous systems (RAS) are interactive, cognitive and interconnected tools that perform useful tasks in the real world where we live and work.

  18. Systems for Verification: Paradigm Shifting

  19. System Properties ◮ dependability (or reliability) ◮ human values, such as trustworthiness, morality, ethics, transparency, etc (We have another line of work on the verification of social trust between human and robots [1]) ◮ explainability ?

  20. Verification of Deep Learning

  21. Outline Background Challenges for Verification Deep Learning Verification [2] Safety Definition Challenges Approaches Experimental Results Feature-Guided Black-Box Testing [3] Conclusions and Future Works

  22. Human Driving vs. Autonomous Driving Traffic image from “The German Traffic Sign Recognition Benchmark”

  23. Deep learning verification (DLV) Image generated from our tool Deep Learning Verification (DLV) 1 1 X. Huang and M. Kwiatkowska. Safety verification of deep neural networks . CAV-2017.

  24. Safety Problem: Tesla incident

  25. Deep neural networks all implemented with

  26. Safety Definition: Deep Neural Networks ◮ R n be a vector space of images (points) ◮ f : R n → C , where C is a (finite) set of class labels, models the human perception capability, ◮ a neural network classifier is a function ˆ f ( x ) which approximates f ( x )

  27. Safety Definition: Deep Neural Networks A (feed-forward and deep) neural network N is a tuple ( L , T , Φ), where ◮ L = { L k | k ∈ { 0 , ..., n }} : a set of layers. ◮ T ⊆ L × L : a set of sequential connections between layers, ◮ Φ = { φ k | k ∈ { 1 , ..., n }} : a set of activation functions φ k : D L k − 1 → D L k , one for each non-input layer.

  28. Safety Definition: Illustration

  29. Safety Definition: Traffic Sign Example

  30. Safety Definition: General Safety [General Safety] Let η k ( α x , k ) be a region in layer L k of a neural network N such that α x , k ∈ η k ( α x , k ). We say that N is safe for input x and region η k ( α x , k ), written as N , η k | = x , if for all activations α y , k in η k ( α x , k ) we have α y , n = α x , n .

  31. Challenges Challenge 1: continuous space, i.e., there are an infinite number of points to be tested in the high-dimensional space

  32. Challenges Challenge 2: The spaces are high dimensional Note: a colour image of size 32*32 has the 32*32*3 = 784 dimensions. Note: hidden layers can have many more dimensions than input layer.

  33. Challenges Challenge 3: the functions f and ˆ f are highly non-linear, i.e., safety risks may exist in the pockets of the spaces Figure: Input Layer and First Hidden Layer

  34. Challenges Challenge 4: not only heuristic search but also verification

  35. Approach 1: Discretisation by Manipulations Define manipulations δ k : D L k → D L k over the activations in the vector space of layer k . δ 2 δ 2 δ 1 δ 1 α x,k α x,k δ 3 δ 3 δ 4 δ 4 Figure: Example of a set { δ 1 , δ 2 , δ 3 , δ 4 } of valid manipulations in a 2-dimensional space

  36. ladders, bounded variation, etc η k ( α x,k ) η k ( α x,k ) α x j +1 ,k α x j +1 ,k δ k δ k α x j ,k α x j ,k δ k δ k δ k δ k α x 2 ,k α x 2 ,k α x,k = α x 0 ,k α x,k = α x 0 ,k α x 1 ,k α x 1 ,k δ k δ k δ k δ k δ k δ k Figure: Examples of ladders in region η k ( α x , k ). Starting from α x , k = α x 0 , k , the activations α x 1 , k ...α x j , k form a ladder such that each consecutive activation results from some valid manipulation δ k applied to a previous activation, and the final activation α x j , k is outside the region η k ( α x , k ).

  37. Safety wrt Manipulations [Safety wrt Manipulations] Given a neural network N , an input x and a set ∆ k of manipulations, we say that N is safe for input x with respect to the region η k and manipulations ∆ k , written as N , η k , ∆ k | = x , if the region η k ( α x , k ) is a 0-variation for the set L ( η k ( α x , k )) of its ladders, which is complete and covering. Theorem ( ⇒ ) N , η k | = x (general safety) implies N , η k , ∆ k | = x (safety wrt manipulations).

  38. Minimal Manipulations Define minimal manipulation as the fact that there does not exist a finer manipulation that results in a different classification. Theorem ( ⇐ ) Given a neural network N, an input x, a region η k ( α x , k ) and a set ∆ k of manipulations, we have that N , η k , ∆ k | = x (safety wrt manipulations) implies N , η k | = x (general safety) if the manipulations in ∆ k are minimal.

  39. Approach 2: Layer-by-Layer Refinement Figure: Refinement in general safety

  40. Approach 2: Layer-by-Layer Refinement Figure: Refinement in general safety and safety wrt manipulations

  41. Approach 2: Layer-by-Layer Refinement Figure: Complete refinement in general safety and safety wrt manipulations

  42. Approach 3: Exhaustive Search η k ( α x,k ) η k ( α x,k ) α x j +1 ,k α x j +1 ,k δ k δ k α x j ,k α x j ,k δ k δ k δ k δ k α x 2 ,k α x 2 ,k δ k δ k α x,k = α x 0 ,k α x,k = α x 0 ,k α x 1 ,k α x 1 ,k δ k δ k δ k δ k Figure: exhaustive search (verification) vs. heuristic search

  43. Approach 4: Feature Discovery Natural data, for example natural images and sound, forms a high-dimensional manifold, which embeds tangled manifolds to represent their features. Feature manifolds usually have lower dimension than the data manifold, and a classification algorithm is to separate a set of tangled manifolds.

  44. Approach 4: Feature Discovery

  45. Experimental Results: MNIST Image Classification Network for the MNIST Handwritten Numbers 0 – 9 Total params: 600,810

  46. Experimental Results: MNIST

  47. Experimental Results: GTSRB Image Classification Network for The German Traffic Sign Recognition Benchmark Total params: 571,723

  48. Experimental Results: GTSRB

  49. Experimental Results: GTSRB

  50. Experimental Results: CIFAR-10 Image Classification Network for the CIFAR-10 small images Total params: 1,250,858

  51. Experimental Results: CIFAR-10

  52. Experimental Results: imageNet Image Classification Network for the ImageNet dataset, a large visual database designed for use in visual object recognition software research. Total params: 138,357,544

  53. Experimental Results: ImageNet

  54. Outline Background Challenges for Verification Deep Learning Verification [2] Feature-Guided Black-Box Testing [3] Preliminaries Safety Testing Experimental Results Conclusions and Future Works

  55. Contributions Contributions: ◮ feature guided black-box ◮ theoretical safety guarantee, with evidence of practical convergence ◮ time efficiency, moving towards real-time detection ◮ evaluation of safety-critical systems ◮ counter-claiming a recent statement

  56. Black-box vs. White-box

  57. Human Perception by Feature Extraction Figure: Illustration of the transformation of an image into a saliency distribution. ◮ (a) The original image α , provided by ImageNet. ◮ (b) The image marked with relevant keypoints Λ( α ). ◮ (c) The heatmap of the Gaussian mixture model G (Λ( α )).

  58. Human Perception as Gaussian Mixture Model SIFT: ◮ invariant to image translation, scaling, and rotation, ◮ partially invariant to illumination changes and ◮ robust to local geometric distortion

  59. Pixel Manipulation define pixel manipulations δ X , i : D → D for X ⊆ P 0 a subset of input dimensions and i ∈ I :  α ( x , y , z ) + τ, if ( x , y ) ∈ X and i = +  δ X , i ( α )( x , y , z ) = α ( x , y , z ) − τ, if ( x , y ) ∈ X and i = − α ( x , y , z ) otherwise 

  60. Safety Testing as Two-Player Turn-based Game

  61. Rewards under Strategy Profile σ = ( σ 1 , σ 2 ) ◮ For terminal nodes, ρ ∈ Path F I , 1 R ( σ, ρ ) = sev α ( α ′ ρ ) where sev α ( α ′ ) is severity of an image α ′ , comparing to the original image α ◮ For non-terminal nodes, simply compute the reward by applying suitable strategy σ i on the rewards of the children nodes

Recommend

Verification of Robotics and Autonomous Deep Learning Verification Systems Safety Definition

Verification of Robotics and Autonomous Deep Learning Verification Systems Safety Definition

Verification of Robotics and Autonomous Systems Xiaowei Huang Challenges Verification of Robotics and Autonomous Deep Learning Verification Systems Safety Definition Challenges Approaches Experimental Results Verification in Xiaowei

1.21k views • 99 slides
DSC 102 Systems for Scalable Analytics Arun Kumar Topic 6: Deep Learning Systems 1 Outline

DSC 102 Systems for Scalable Analytics Arun Kumar Topic 6: Deep Learning Systems 1 Outline

DSC 102 Systems for Scalable Analytics Arun Kumar Topic 6: Deep Learning Systems 1 Outline Rise of Deep Learning Methods Deep Learning Systems: Specification Deep Learning Systems: Execution Future of Deep Learning Systems

561 views • 25 slides
EFFECTIVE FACE VERIFICATION SYSTEMS BASED ON THE HISTOGRAM OF ORIENTED GRADIENTS AND DEEP

EFFECTIVE FACE VERIFICATION SYSTEMS BASED ON THE HISTOGRAM OF ORIENTED GRADIENTS AND DEEP

EFFECTIVE FACE VERIFICATION SYSTEMS BASED ON THE HISTOGRAM OF ORIENTED GRADIENTS AND DEEP LEARNING TECHNIQUES Sawitree Khunthi, Pichada Saichua and Olarik Surinta Present at the 14 th International Joint Symposium on Artificial Intelligence and

309 views • 18 slides
Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490 HST.506 Guest Lecturer: Brandon Carter Prof. David Gifford Lecture 5 February 20, 2020 Deep Learning Model Interpretation http://mit6874.github.io 1

826 views • 53 slides
Minjie Wang Deep Learning Deep Learning trend in the past 10 years Caffe State-of-art DL

Minjie Wang Deep Learning Deep Learning trend in the past 10 years Caffe State-of-art DL

Tofu: Parallelizing Deep Learning Systems with Automatic Tiling Minjie Wang Deep Learning Deep Learning trend in the past 10 years Caffe State-of-art DL system is based on dataflow GPU#0 w1 w2 data g1 g2 Forward propagation

405 views • 38 slides
CSE 291D/234 Data Systems for Machine Learning Arun Kumar Topic 2: Deep Learning Systems DL

CSE 291D/234 Data Systems for Machine Learning Arun Kumar Topic 2: Deep Learning Systems DL

CSE 291D/234 Data Systems for Machine Learning Arun Kumar Topic 2: Deep Learning Systems DL book; Chapters 5 and 6 of MLSys book 1 Academic ML 101 Generalized Linear Models (GLMs); from statistics Bayesian Networks ; inspired by causal

1.16k views • 79 slides
From Deep Learning to Deep University: Cognitive Development of Intelligent Systems Mariia

From Deep Learning to Deep University: Cognitive Development of Intelligent Systems Mariia

From Deep Learning to Deep University: Cognitive Development of Intelligent Systems Mariia Golovianko, Svitlana Gryshko & Vagan Terziyan IKC-2017, Gda sk, Poland, 11-12 September 2017 Check updates here:

558 views • 36 slides
Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content

Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content

Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content contributions: Earlence Fernandes, Kevin Eykholt, Chaowei Xiao, Amir Rahmati, Florian Tramer, Bo Li, Atul Prakash, Tadayoshi Kohno, Dawn Song Deep Learning

556 views • 44 slides
Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning Sanjit A. Seshia EECS Department UC Berkeley Joint work with Susmit Jha (UTC) Dagstuhl Seminar Verified SW Working Group August 2014 July

661 views • 28 slides
Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490 HST.506 David Gifford Lecture 20 April 21, 2020 COVID-19 Machine Learning Designed Therapeutics http://mit6874.github.io 1 Overview of todays

1.1k views • 84 slides
Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490

Computational Systems Biology Deep Learning in the Life Sciences 6.802 6.874 20.390 20.490 HST.506 David Gifford Lecture 19 April 16, 2020 Predicting genome editing outcomes with machine learning methods http://mit6874.github.io 1 Poll

666 views • 66 slides
Hao Su July 6, 2017 Outline Overview of 3D deep learning 3D deep learning algorithms

Hao Su July 6, 2017 Outline Overview of 3D deep learning 3D deep learning algorithms

Deep 3D Representation Learning for Visual Computing Hao Su July 6, 2017 Outline Overview of 3D deep learning 3D deep learning algorithms Conclusion 2 Outline Overview of 3D deep learning Background 3D deep learning tasks 3D deep

1.66k views • 122 slides
Collaborative Deep Learning for Recommender Systems Hao Wang Naiyan Wang Dit-Yan Yeung 1

Collaborative Deep Learning for Recommender Systems Hao Wang Naiyan Wang Dit-Yan Yeung 1

Collaborative Deep Learning for Recommender Systems Hao Wang Naiyan Wang Dit-Yan Yeung 1 Motivation Stacked Denoising Autoencoders Probabilistic Matrix Factorization Collaborative Deep Learning Experiments Summary

724 views • 46 slides
ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP

ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP

ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP LEARNING EVERYWHERE INTERNET & CLOUD MEDICINE & BIOLOGY MEDIA & ENTERTAINMENT SECURITY & DEFENSE AUTONOMOUS MACHINES Image

307 views • 26 slides
Deep Learning for Automated Systems: From the Warehouse to the Road Dr. Melissa C. Smith Clemson

Deep Learning for Automated Systems: From the Warehouse to the Road Dr. Melissa C. Smith Clemson

Deep Learning for Automated Systems: From the Warehouse to the Road Dr. Melissa C. Smith Clemson University Future Computing Technologies Laboratory Eddie Weill, Sufeng Niu, Colin Targonski, and Ben Shealy Overview Simulation Using deep

672 views • 28 slides
Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice Scaling up DL 2 What is Deep Learning? 3 DEEP LEARNING EVERYWHERE INTERNET & CLOUD MEDICINE & BIOLOGY SECURITY & DEFENSE MEDIA &

1.45k views • 39 slides
Reproducibility and Replicability in Deep Reinforcement Learning (and Other Deep Learning

Reproducibility and Replicability in Deep Reinforcement Learning (and Other Deep Learning

Reproducibility and Replicability in Deep Reinforcement Learning (and Other Deep Learning Methods) Peter Henderson Statistical Society of Canada Annual Meeting 2018 Contributors Riashat Islam Phil Bachman Doina Precup David Meger Joelle

850 views • 37 slides
Overview Background Deep submicron challenges Verification, testing, validation

Overview Background Deep submicron challenges Verification, testing, validation

Paper Review DIVA - A reliable substrate for Deep Submicron Microarchitecture Design - Todd Austin, Univ. of Michigan (1999) ECE1718 MCA - K.P. Tang November 2008 Overview Background Deep submicron challenges Verification,

547 views • 13 slides
High-Performance GPU Programming for Deep Learning 7 April 2016 Scott Gray Nervana Systems

High-Performance GPU Programming for Deep Learning 7 April 2016 Scott Gray Nervana Systems

MAKING MACHINES SMARTER. High-Performance GPU Programming for Deep Learning 7 April 2016 Scott Gray Nervana Systems High-Performance GPU kernels for deep learning Fast matrix multiply for small minibatches Direct convolution

412 views • 24 slides
Image Classification with DIGITS NVIDIA Deep Learning Institute 1 DEEP LEARNING INSTITUTE DLI

Image Classification with DIGITS NVIDIA Deep Learning Institute 1 DEEP LEARNING INSTITUTE DLI

Image Classification with DIGITS NVIDIA Deep Learning Institute 1 DEEP LEARNING INSTITUTE DLI Mission Helping people solve challenging problems using AI and deep learning. Developers, data scientists and engineers Self-driving cars,

1.44k views • 72 slides
Mad Max: Affine Spline Insights into Deep Learning Richard Baraniuk expectations time greek

Mad Max: Affine Spline Insights into Deep Learning Richard Baraniuk expectations time greek

Mad Max: Affine Spline Insights into Deep Learning Richard Baraniuk expectations time greek questions for the babylonians Why is deep learning so effective ? Can we derive deep learning systems from first principles ? When and why

1.04k views • 44 slides
Deep Learning in Cloud-Edge AI Systems Wei Wen COMPUTATIONAL EVOLUTIONARY INTELLIGENCE LAB

Deep Learning in Cloud-Edge AI Systems Wei Wen COMPUTATIONAL EVOLUTIONARY INTELLIGENCE LAB

Deep Learning in Cloud-Edge AI Systems Wei Wen COMPUTATIONAL EVOLUTIONARY INTELLIGENCE LAB Electrical and Computing Engineering Department Duke University www.pittnuts.com AI Systems Landing Into the Cloud: Facebook Big Basin Google TPU

2.22k views • 50 slides
Deep Neural Networks and Deep Reinforcement Learning Deep Learning, Goodfellow, Bengio and

Deep Neural Networks and Deep Reinforcement Learning Deep Learning, Goodfellow, Bengio and

Deep Neural Networks and Deep Reinforcement Learning Deep Neural Networks and Deep Reinforcement Learning Deep Learning, Goodfellow, Bengio and Courville [chapt. 6,7,8]; AIMA [sect. 21.1-21.3]; Sutton and Barto, Reinforcement Learning: an

527 views • 35 slides
Natural Language Processing with Deep Learning CS224N The Future of Deep Learning + NLP Kevin

Natural Language Processing with Deep Learning CS224N The Future of Deep Learning + NLP Kevin

Natural Language Processing with Deep Learning CS224N The Future of Deep Learning + NLP Kevin Clark Deep Learning for NLP 5 years ago No Seq2Seq No Attention No large-scale QA/reading comprehension datasets No TensorFlow or

1.41k views • 92 slides

More recommend