Title details
Rambau, Jörg ; Richter, Rónán R.C.:
Towards Creating Robust Adversarial Examples for DNNs by MILPs.
2024
Event: International Conference on Operations Research - OR 2024, 3-6 September 2024, Munich.
(Event contribution: Congress/Conference/Symposium/Meeting, Talk)
Abstract
Deep Neural Networks (DNNs) have been gaining more and more attention during the last few years. As a growing number of companies and customers begin to use DNN-based systems, governments have taken first steps towards regulating the use of AI applications. Thus, there is also increasing interest in methods to analyze the trustworthiness of a DNN and its results, along with the limits of its applications.
A long-established demonstration of the shortcomings of DNNs is the Adversarial Example. Adversarial Examples are marginally altered versions of regular input data that lead a DNN to wrong answers. Fischetti and Jo (2018) have shown that such Adversarial Examples can be systematically generated using mathematical programming. Their method makes it possible to find Adversarial Examples that are provably optimal with respect to a given criterion, e.g. the distance to some given input. However, such examples are tailored to one specific DNN and its parameters and may therefore not work for slightly different DNNs. Working towards addressing this point, we give a mixed-integer programming model for generating Adversarial Examples that incorporate robustness to small changes in the weights and biases of a DNN. For reasons of solvability, we will initially illustrate the impact of robustification using relaxations of the model. Additionally, we will present experimental results on the influence of various factors, e.g. selection of training data or structure of the DNN, on the transferability of our Adversarial Examples.
