Jelenlegi hely
Kutatószeminárium
Neural networks are able to classify data with great efficiency. Research showed that in many cases networks with good test accuracy are vulnerable to perturbations around samples. These inputs are close to a correctly classified sample, for example a well learned sample from the teaching set. Multiple algorithms exist to search for these incorrectly labeled perturbations, however they cannot be trusted in practice. We showcase MIPVerify; a verification algorithm that is fast and accepted by the community, but vulnerable to numeric attacks. We modified the open source code such that it utilizes a sound algorithm in key points of the verification.
The original implementation used the Gurobi MILP solver, we replaced it with the SCIP-ex algorithm. The resulting system is more robust to numerical attacks, however there is a great cost for numerical stability. Verification times of neural networks with thousands of neurons increased from a few seconds to weeks. In some cases verification times only increased moderately, it is still sensible to measure them in seconds. Small, safety critical networks can benefit from the modified algorithm.