Title details
Richter, Rónán R.C. ; Rambau, Jörg:
Towards Analyzing DNNs by Robust Adversarial Examples created with MILPs.
2024
Event: 33rd European Conference on Operational Research, 30.06.-03.07.2024, Copenhagen.
(Event contribution: Congress/Conference/Symposium/Meeting, Talk)
Abstract
The interest in the use of Deep Neural Networks (DNNs) has grown rapidly over the last few years. As an increasing number of people and businesses are using DNN-based systems and governments start to take actions to regulate the use of artificial intelligence, there is a growing demand for methods to analyze the trustworthiness of a DNN and the limits of its application. One classical illustration for showing weaknesses of DNNs, especially in the context of image recognition, is Adversarial Examples. These are slightly modified versions of input data that lead a DNN into wrong classifications. As Fischetti and Jo (2018) have shown, Adversarial Examples can be generated by using mathematical programming methods. Thus, these Adversarial Examples are provably optimal with respect to a given criterion, e.g. the distance to some given input data. However, the structure of these examples highly depends on the parameters of the network. To address this point, we will present a mixed-integer programming model for generating Adversarial Examples that are robust with respect to small changes in the weights and biases of a DNN. For relaxations of the model, we will illustrate the impact of robustification on Adversarial Examples. Furthermore, we present experimental results on the influence of training data on the distance of Adversarial Examples and on the transferability of our examples.
