VNN: Verification-Friendly Neural Networks with Hard Robustness Guarantees

TL;DR

A post-training optimization framework is presented to achieve a balance between preserving prediction performance and verification-friendliness and results in VNNs that are comparable to the original DNNs in terms of prediction performance, while amenable to formal verification techniques.

Abstract

Machine learning techniques often lack formal correctness guarantees, evidenced by the widespread adversarial examples that plague most deep-learning applications. This lack of formal guarantees resulted in several research efforts that aim at verifying Deep Neural Networks (DNNs), with a particular focus on safety-critical applications. However, formal verification techniques still face major scalability and precision challenges. The over-approximation introduced during the formal verification process to tackle the scalability challenge often results in inconclusive analysis. To address this challenge, we propose a novel framework to generate Verification-Friendly Neural Networks (VNNs). We present a post-training optimization framework to achieve a balance between preserving prediction performance and verification-friendliness. Our proposed framework results in VNNs that are comparable to the original DNNs in terms of prediction performance, while amenable to formal verification techniques. This essentially enables us to establish robustness for more VNNs than their DNN counterparts, in a time-efficient manner.

Figures (7)

• Figure 1: Verified robustness (%) of the MNIST dataset w.r.t. different values of perturbations for original and their corresponding using ERAN and SafeDeep.
• Figure 2: Comparison with state of the art: and manngaard2018structural.
• Figure 3: Comparison with state of the art: ugare2022proof.
• Figure 4: The effect of $\epsilon$ for different network structures.
• Figure 5: Comparison of -trained networks DeepPoly with -enhanced networks.