Authors: Yue-Huan Wang, Ze-Nan Li, Jing-Wei Xu, Ping Yu, Taolue Chen, Xiao-Xing Ma
Affiliations: [1] State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China; [2] Department of Computer Science, University of Surrey, Guildford, GU27XH, U.K.
Source: Journal of Computer Science & Technology (计算机科学技术学报, English edition), 2020, Issue 5, pp. 999-1015, 17 pages
Funding: supported by the National Basic Research 973 Program of China under Grant No. 2015CB352202; the National Natural Science Foundation of China under Grant Nos. 61690204, 61802170, and 61872340; the Guangdong Science and Technology Department under Grant No. 2018B010107004; the Natural Science Foundation of Guangdong Province of China under Grant No. 2019A1515011689; the Overseas Grant of the State Key Laboratory of Novel Software Technology under Grant No. KFKT2018A16.
Abstract: The adoption of deep neural network (DNN) model as the integral part of real-world software systems necessitates explicit consideration of their quality-of-service (QoS). It is well-known that DNN models are prone to adversarial attacks, and thus it is vitally important to be aware of how robust a model's prediction is for a given input instance. A fragile prediction, even with high confidence, is not trustworthy in light of the possibility of adversarial attacks. We propose that DNN models should produce a robustness value as an additional QoS indicator, along with the confidence value, for each prediction they make. Existing approaches for robustness computation are based on adversarial searching, which are usually too expensive to be excised in real time. In this paper, we propose to predict, rather than to compute, the robustness measure for each input instance. Specifically, our approach inspects the output of the neurons of the target model and trains another DNN model to predict the robustness. We focus on convolutional neural network (CNN) models in the current research. Experiments show that our approach is accurate, with only 10%-34% additional errors compared with the offline heavy-weight robustness analysis. It also significantly outperforms some alternative methods. We further validate the effectiveness of the approach when it is applied to detect adversarial attacks and out-of-distribution input. Our approach demonstrates a better performance than, or at least is comparable to, the state-of-the-art techniques.
Keywords: deep neural network; quality of service; robustness; prediction
Classification code: TP183 [Automation and Computer Technology: Control Theory and Control Engineering]