BDD4BNN: A BDD-based Quantitative Analysis Framework for Binarized Neural Networks

@inproceedings{Zhang2021BDD4BNNAB,
  title={BDD4BNN: A BDD-based Quantitative Analysis Framework for Binarized Neural Networks},
  author={Yedi Zhang and Zhe Zhao and Guangke Chen and Fu Song and Taolue Chen},
  booktitle={CAV},
  year={2021}
}
Verifying and explaining the behavior of neural networks is becoming increasingly important, especially when they are deployed in safety-critical applications. In this paper, we study verification and interpretability problems for Binarized Neural Networks (BNNs), the 1-bit quantization of general real-numbered neural networks. Our approach is to encode BNNs into Binary Decision Diagrams (BDDs), which is done by exploiting the internal structure of the BNNs. In particular, we translate the… 
AS2T: Arbitrary Source-To-Target Adversarial Attack on Speaker Recognition Systems
TLDR
This work presents AS2T, the first attack in this domain that covers all the settings and thus allows the adversary to craft adversarial voices using arbitrary source and target speakers for any of the three main recognition tasks, and sheds light on future directions of adversarial attacks in the speaker recognition domain.
Readle: A Formal Framework for Designing AI-based Edge Systems
TLDR
A new systematic, extendable, manual approach, READLE, is proposed for creating representations of specifications in edge intelligent systems, capturing constraints in the edge system design space and constraints in the deep learning space in a coherent fashion.
Eager Falsification for Accelerating Robustness Verification of Deep Neural Networks
TLDR
This paper proposes eager falsification to accelerate the robustness verification of DNNs and integrates it into four state-of-the-art verification tools, i.e., MIPVerify, Neurify, DeepZ, and DeepPoly, and conducts extensive experiments on 8 benchmark datasets.
ESampler: Efficient Sampling of Satisfying Assignments for Boolean Formulas
TLDR
This work proposes a novel approach to derive a large set of satisfying assignments from a given one in an efficient way and implements this approach as an open-source tool ESampler and conducts extensive experiments on real-world benchmarks.
Adversarial Attacks on ML Defense Models Competition
TLDR
The participants were encouraged to develop stronger white-box attack algorithms to find the worst-case robustness of different defenses and established a new adversarial robustness benchmark at https://ml.cs.tsinghua.edu.cn/ares-bench/, which allows users to upload adversarial attack algorithms and defense models for evaluation.
Attack as defense: characterizing adversarial examples using robustness
TLDR
This work proposes a novel defense framework, named attack as defense (A2D), to detect adversarial examples by effectively evaluating an example’s robustness, and shows that A2D is more effective than recent promising approaches.
Taking Care of The Discretization Problem: A Comprehensive Study of the Discretization Problem and A Black-Box Adversarial Attack in Discrete Integer Domain
TLDR
This work proposes a black-box method which reduces the adversarial example searching problem to a derivative-free optimization problem and achieves a significantly higher success rate in terms of adversarial examples in the discrete integer domain than recent black-box methods.

References

Quantitative Verification of Neural Networks and Its Security Applications
TLDR
This paper proposes a novel and principled framework for quantitative verification of logical properties specified over neural networks, and is the first to provide PAC-style soundness guarantees, in that its quantitative estimates are within a controllable and bounded error from the true count.
Cudd: Cu decision diagram package
  • 2015
Branch and Bound for Piecewise Linear Neural Network Verification
TLDR
A family of algorithms based on Branch-and-Bound (BaB), which identifies new methods that combine the strengths of multiple existing approaches, accomplishing significant performance improvements over previous state of the art and introduces an effective branching strategy on ReLU non-linearities.
Formal Analysis of Deep Binarized Neural Networks
TLDR
This work designs a framework for analysis of properties of neural networks that can be represented and analyzed using well-developed means of Boolean Satisfiability and Integer Linear Programming and presents an exact representation of a binarized neural network as a Boolean formula.
Verifying Properties of Binarized Deep Neural Networks
TLDR
This paper proposes a rigorous way of verifying properties of a popular class of neural networks, Binarized Neural Networks, using the well-developed means of Boolean satisfiability, and gives a construction that creates a representation of a binarized neural network as a Boolean formula.
How Many Bits Does it Take to Quantize Your Neural Network?
Scalable Verification of Quantized Neural Networks (Technical Report)
TLDR
This paper shows that verifying the bit-exact implementation of quantized neural networks with bit-vector specifications is PSPACE-hard, even though verifying idealized real-valued networks and satisfiability of bit-vector specifications alone are each in NP, and explores several practical heuristics toward closing the complexity gap between idealized and bit-exact verification.
Verifying ReLU Neural Networks from a Model Checking Perspective
TLDR
This paper shows that the model checking algorithm for the Σ2 ∪ Π2 fragment of ReTL, which can express properties such as output reachability, is decidable in EXPSPACE.
PRODeep: a platform for robustness verification of deep neural networks
TLDR
PRODeep is presented, a platform for robustness verification of DNNs that incorporates constraint-based, abstraction-based, and optimisation-based robustness checking algorithms and has a modular architecture, enabling easy comparison of different algorithms.
An SMT-Based Approach for Verifying Binarized Neural Networks
TLDR
Various optimizations are proposed, integrated into the authors' SMT procedure as deduction steps, as well as an approach for parallelizing verification queries, for verifying binarized neural networks.