Fast Robustness Prediction for Deep Neural Network

Deep neural networks (DNNs) have achieved impressive performance in many difficult tasks. However, DNN models are essentially uninterpretable to humans, and unfortunately prone to adversarial attacks, which hinders their adoption in security and safety-critical scenarios. The robustness of a DNN model, which measures its stableness against adversarial attacks, becomes an important topic in both the machine learning and the software engineering communities. Analytical evaluation of DNN robustness is difficult due to the high-dimensionality of inputs, the huge amount of parameters, and the nonlinear network structure. In practice, the degree of robustness of DNNs is empirically approximated with adversarial searching, which is computationally expensive and cannot be applied in resource constrained settings such as embedded computing. In this paper, we propose to predict the robustness of a DNN model for each input with another DNN model, which takes the output of neurons of the former model as input. We train a regression model to encode the connections between output of the penultimate layer of a DNN model and its robustness. With this trained model, the robustness for an input can be predicted instantaneously. Experiments with MNIST and CIFAR10 datasets and LeNet, VGG and ResNet DNN models were conducted to evaluate the efficacy of the proposed approach. The results indicated that our approach achieved 0.05-0.21 mean absolute errors and significantly outperformed confidence and surprise adequacy-based approaches.