Constraint-based Adversarial Example Synthesis

Fang Yu, Ya-Yu Chi, Yu-Fang Chen

TL;DR

This work addresses the vulnerability of neural networks to adversarial perturbations by introducing constraint-based adversarial example synthesis through an extended PyCT concolic-testing tool. By supporting floating-point computation, activation functions, and diverse network components, and by leveraging DeepSHAP to focus perturbations on influential input features, the approach enables targeted, efficient exploration of NN decision boundaries. Empirical results across CNN, RNN/LSTM, and sequential tasks (stock trading and IMDb) demonstrate that constraint-based synthesis can reveal adversarial inputs with favorable trade-offs between success rate and computation, while also providing insights into how different constraint-solving orders and SHAP-guided targeting affect performance. The work underscores the importance of rigorous, scalable testing for securing Python-based AI systems and offers a path toward more robust adversarial defense strategies in practice.

Abstract

In the era of rapid advancements in artificial intelligence (AI), neural network models have achieved notable breakthroughs. However, concerns arise regarding their vulnerability to adversarial attacks. This study focuses on enhancing Concolic Testing, a specialized technique for testing Python programs implementing neural networks. The extended tool, PyCT, now accommodates a broader range of neural network operations, including floating-point and activation function computations. By systematically generating prediction path constraints, the research facilitates the identification of potential adversarial examples. Demonstrating effectiveness across various neural network architectures, the study highlights the vulnerability of Python-based neural network models to adversarial attacks. This research contributes to securing AI-powered applications by emphasizing the need for robust testing methodologies to detect and mitigate potential adversarial threats. It underscores the importance of rigorous testing techniques in fortifying neural network models for reliable applications in Python.
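
The path-constraint idea described above, as an added example (not PyCT code and not taken from the paper): a concrete run of a constructed two-unit ReLU network records its branch constraints over one symbolic input feature, the decision constraint is negated and solved, and the result is re-checked concretely. The toy weights, exact `Fraction` arithmetic in place of floating-point constraint solving, and the caller-chosen feature index `i` (where the paper uses DeepSHAP to pick features) are assumptions.

```python
from fractions import Fraction as F

# Constructed toy model (not from the paper): 2 inputs -> 2 ReLU units -> 1 score.
W1, B1 = [[F(1), F(-1)], [F(1), F(1)]], [F(0), F(-1)]
W2, B2 = [F(2), F(-1)], F(-1, 2)

def predict(x):
    h = [max(F(0), sum(w * v for w, v in zip(r, x)) + b) for r, b in zip(W1, B1)]
    return 1 if sum(w * v for w, v in zip(W2, h)) + B2 > 0 else 0

def trace(x, i):
    """Run concretely while tracking each value as a*t + c, with t = symbolic x[i].
    Returns path constraints (a, c, holds), meaning (a*t + c > 0) == holds."""
    path, sa, sc = [], F(0), B2
    for row, b, w2 in zip(W1, B1, W2):
        a = row[i]
        c = sum(w * v for k, (w, v) in enumerate(zip(row, x)) if k != i) + b
        active = a * x[i] + c > 0              # ReLU branch taken on this run
        path.append((a, c, active))
        if active:                             # inactive units contribute 0
            sa, sc = sa + w2 * a, sc + w2 * c
    path.append((sa, sc, sa * x[i] + sc > 0))  # final decision branch
    return path

def solve(cons, t0, eps=F(1, 100)):
    """Value of t nearest t0 meeting every constraint, or None if unsatisfiable.
    holds -> a*t + c >= eps (margin for strictness); otherwise a*t + c <= 0."""
    lo, hi = float("-inf"), float("inf")
    for a, c, holds in cons:
        if a == 0:
            if (c < eps) if holds else (c > 0):
                return None
            continue
        bound = ((eps if holds else 0) - c) / a
        if holds == (a > 0):
            lo = max(lo, bound)
        else:
            hi = min(hi, bound)
    return None if lo > hi else min(max(t0, lo), hi)

def synthesize(x, i):
    """Keep the ReLU branch constraints, negate the decision, solve for x[i]."""
    path = trace(x, i)
    a, c, holds = path[-1]
    t = solve(path[:-1] + [(a, c, not holds)], x[i])
    if t is None:
        return None   # this path cannot flip; a full tool would try other branches
    adv = x[:i] + [t] + x[i + 1:]
    return adv if predict(adv) != predict(x) else None  # concrete re-check
```

When `synthesize` returns `None`, the recorded path admits no label flip through that feature, which is the case where a concolic tester moves on to negating one of the ReLU branch constraints instead.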

Paper Structure

This paper contains 38 sections, 2 theorems, 11 equations, 7 figures, 6 tables, 8 algorithms.

Key Result

Lemma 4.1

For all $n \geq 1$ and $0 < x < 1$:

Figures (7)

  • Figure 1: A simple RNN model.
  • Figure 2: Tree $T$ after $1^{st}$ iteration.
  • Figure 3: Queue $Q$ after $1^{st}$ iteration.
  • Figure 4: Tree $T$ after $2^{nd}$ iteration.
  • Figure 5: Queue $Q$ after $2^{nd}$ iteration.
  • ...and 2 more figures

Theorems & Definitions (2)

  • Lemma 4.1
  • Corollary 4.2