POPQORN: Quantifying robustness of recurrent neural networks

The vulnerability to adversarial attacks has been a critical issue for deep neural networks. Addressing this issue requires a reliable way to evaluate the robustness of a network. Recently, several methods have been developed to compute robustness quantification for neural networks, namely, certifie...

Full description

Bibliographic Details
Main Authors: Weng, Tsui-Wei (Author), Daniel, Luca (Author)
Format: Article
Language:English
Published: International Machine Learning Society, 2021-03-04T13:28:23Z.
Subjects:
Online Access:Get fulltext
LEADER 01762 am a22001813u 4500
001 130075
042 |a dc 
100 1 0 |a Weng, Tsui-Wei  |e author 
700 1 0 |a Daniel, Luca  |e author 
245 0 0 |a POPQORN: Quantifying robustness of recurrent neural networks 
260 |b International Machine Learning Society,   |c 2021-03-04T13:28:23Z. 
856 |z Get fulltext  |u https://hdl.handle.net/1721.1/130075 
520 |a The vulnerability to adversarial attacks has been a critical issue for deep neural networks. Addressing this issue requires a reliable way to evaluate the robustness of a network. Recently, several methods have been developed to compute robustness quantification for neural networks, namely, certified lower bounds of the minimum adversarial perturbation. Such methods, however, were devised for feed-forward networks, e.g. multilayer perceptron or convolutional networks. It remains an open problem to quantify robustness for recurrent networks, especially LSTM and GRU. For such networks, there exist additional challenges in computing the robustness quantification, such as handling the inputs at multiple steps and the interaction between gates and states. In this work, we propose POPQORN (Propagated-output Quantified Robustness for RNNs), a general algorithm to quantify robustness of RNNs, including vanilla RNNs, LSTMs, and GRUs. We demonstrate its effectiveness on different network architectures and show that the robustness quantification on individual steps can lead to new insights. 
520 |a SenseTime Artificial intelligence company (CUHK Agreement TS1610626) 
520 |a Hong Kong Research Association. General Research Fund (Projects 14236516, 17246416) 
546 |a en 
655 7 |a Article 
773 |t Proceedings of Machine Learning Research