POPQORN: Quantifying robustness of recurrent neural networks
The vulnerability to adversarial attacks has been a critical issue for deep neural networks. Addressing this issue requires a reliable way to evaluate the robustness of a network. Recently, several methods have been developed to compute robustness quantification for neural networks, namely, certifie...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
International Machine Learning Society
2021
|
| Online Access: | https://hdl.handle.net/1721.1/130075 |
| _version_ | 1811089283347382272 |
|---|---|
| author | Weng, Tsui-Wei Daniel, Luca |
| author2 | MIT-IBM Watson AI Lab |
| author_facet | MIT-IBM Watson AI Lab Weng, Tsui-Wei Daniel, Luca |
| author_sort | Weng, Tsui-Wei |
| collection | MIT |
| description | The vulnerability to adversarial attacks has been a critical issue for deep neural networks. Addressing this issue requires a reliable way to evaluate the robustness of a network. Recently, several methods have been developed to compute robustness quantification for neural networks, namely, certified lower bounds of the minimum adversarial perturbation. Such methods, however, were devised for feed-forward networks, e.g. multilayer perceptron or convolutional networks. It remains an open problem to quantify robustness for recurrent networks, especially LSTM and GRU. For such networks, there exist additional challenges in computing the robustness quantification, such as handling the inputs at multiple steps and the interaction between gates and states. In this work, we propose POPQORN (Propagated-output Quantified Robustness for RNNs), a general algorithm to quantify robustness of RNNs, including vanilla RNNs, LSTMs, and GRUs. We demonstrate its effectiveness on different network architectures and show that the robustness quantification on individual steps can lead to new insights. |
| first_indexed | 2024-09-23T14:16:45Z |
| format | Article |
| id | mit-1721.1/130075 |
| institution | Massachusetts Institute of Technology |
| language | English |
| last_indexed | 2024-09-23T14:16:45Z |
| publishDate | 2021 |
| publisher | International Machine Learning Society |
| record_format | dspace |
| spelling | mit-1721.1/1300752024-06-25T23:32:11Z POPQORN: Quantifying robustness of recurrent neural networks Weng, Tsui-Wei Daniel, Luca MIT-IBM Watson AI Lab Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science The vulnerability to adversarial attacks has been a critical issue for deep neural networks. Addressing this issue requires a reliable way to evaluate the robustness of a network. Recently, several methods have been developed to compute robustness quantification for neural networks, namely, certified lower bounds of the minimum adversarial perturbation. Such methods, however, were devised for feed-forward networks, e.g. multilayer perceptron or convolutional networks. It remains an open problem to quantify robustness for recurrent networks, especially LSTM and GRU. For such networks, there exist additional challenges in computing the robustness quantification, such as handling the inputs at multiple steps and the interaction between gates and states. In this work, we propose POPQORN (Propagated-output Quantified Robustness for RNNs), a general algorithm to quantify robustness of RNNs, including vanilla RNNs, LSTMs, and GRUs. We demonstrate its effectiveness on different network architectures and show that the robustness quantification on individual steps can lead to new insights. SenseTime Artificial intelligence company (CUHK Agreement TS1610626) Hong Kong Research Association. General Research Fund (Projects 14236516, 17246416) 2021-03-04T13:28:23Z 2021-03-04T13:28:23Z 2019-06 2020-12-07T16:13:04Z Article http://purl.org/eprint/type/ConferencePaper 2640-3498 https://hdl.handle.net/1721.1/130075 Ko, Ching-Yun et al. “POPQORN: Quantifying robustness of recurrent neural networks.” Paper in the Proceedings of Machine Learning Research, 97, 36th International conference on machine learning, Long Beach CA, 9-15 June 2019, International Machine Learning Society: 30-39 © 2019 The Author(s) en http://proceedings.mlr.press/v97/ko19a.html Proceedings of Machine Learning Research Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/ application/pdf International Machine Learning Society arXiv |
| spellingShingle | Weng, Tsui-Wei Daniel, Luca POPQORN: Quantifying robustness of recurrent neural networks |
| title | POPQORN: Quantifying robustness of recurrent neural networks |
| title_full | POPQORN: Quantifying robustness of recurrent neural networks |
| title_fullStr | POPQORN: Quantifying robustness of recurrent neural networks |
| title_full_unstemmed | POPQORN: Quantifying robustness of recurrent neural networks |
| title_short | POPQORN: Quantifying robustness of recurrent neural networks |
| title_sort | popqorn quantifying robustness of recurrent neural networks |
| url | https://hdl.handle.net/1721.1/130075 |
| work_keys_str_mv | AT wengtsuiwei popqornquantifyingrobustnessofrecurrentneuralnetworks AT danielluca popqornquantifyingrobustnessofrecurrentneuralnetworks |