ADVREPAIR:Provable Repair of Adversarial Attack
Chi, Zhiming, Ma, Jianan, Yang, Pengfei, Huang, Cheng-Chao, Li, Renjue, Huang, Xiaowei, Zhang, Lijun
–arXiv.org Artificial Intelligence
Deep neural networks (DNNs) are increasingly deployed in safety-critical domains, but their vulnerability to adversarial attacks poses serious safety risks. Existing neuron-level methods using limited data lack efficacy in fixing adversaries due to the inherent complexity of adversarial attack mechanisms, while adversarial training, leveraging a large number of adversarial samples to enhance robustness, lacks provability. In this paper, we propose ADVREPAIR, a novel approach for provable repair of adversarial attacks using limited data. By utilizing formal verification, ADVREPAIR constructs patch modules that, when integrated with the original network, deliver provable and specialized repairs within the robustness neighborhood. Additionally, our approach incorporates a heuristic mechanism for assigning patch modules, allowing this defense against adversarial attacks to generalize to other inputs. ADVREPAIR demonstrates superior efficiency, scalability and repair success rate. Different from existing DNN repair methods, our repair can generalize to general inputs, thereby improving the robustness of the neural network globally, which indicates a significant breakthrough in the generalization capability of ADVREPAIR.
arXiv.org Artificial Intelligence
Apr-2-2024
- Country:
- North America
- United States
- Virginia > Newport News (0.04)
- Pennsylvania > Allegheny County
- Pittsburgh (0.04)
- New York
- Richmond County > New York City (0.04)
- Queens County > New York City (0.04)
- New York County > New York City (0.04)
- Kings County > New York City (0.04)
- Bronx County > New York City (0.04)
- Louisiana > Orleans Parish
- New Orleans (0.04)
- Hawaii > Honolulu County
- Honolulu (0.04)
- California
- San Diego County > San Diego (0.04)
- Los Angeles County
- Los Angeles (0.14)
- Long Beach (0.04)
- Canada
- Quebec > Montreal (0.04)
- British Columbia > Metro Vancouver Regional District
- Vancouver (0.04)
- United States
- Europe
- United Kingdom > England
- Merseyside > Liverpool (0.04)
- Greater London > London (0.04)
- Sweden > Stockholm
- Stockholm (0.04)
- Spain > Galicia
- Madrid (0.04)
- Portugal > Porto
- Porto (0.04)
- Middle East > Republic of Türkiye
- Istanbul Province > Istanbul (0.04)
- Greece > Central Macedonia
- Thessaloniki (0.04)
- Germany > Baden-Württemberg
- Karlsruhe Region > Heidelberg (0.04)
- United Kingdom > England
- Asia
- Macao (0.04)
- Middle East
- Jordan (0.04)
- Republic of Türkiye > Istanbul Province
- Istanbul (0.04)
- Israel > Haifa District
- Haifa (0.04)
- India > Maharashtra
- Pune (0.04)
- China
- Beijing > Beijing (0.04)
- Zhejiang Province > Hangzhou (0.04)
- Jiangsu Province > Nanjing (0.04)
- Africa
- Rwanda > Kigali
- Kigali (0.04)
- Ethiopia > Addis Ababa
- Addis Ababa (0.04)
- Rwanda > Kigali
- North America
- Genre:
- Research Report > Promising Solution (0.48)
- Industry:
- Information Technology > Security & Privacy (1.00)
- Government > Military (1.00)
- Technology: