ADVREPAIR: Provable Repair of Adversarial Attack
Chi, Zhiming, Ma, Jianan, Yang, Pengfei, Huang, Cheng-Chao, Li, Renjue, Huang, Xiaowei, Zhang, Lijun
arXiv.org Artificial Intelligence
Deep neural networks (DNNs) are increasingly deployed in safety-critical domains, but their vulnerability to adversarial attacks poses serious safety risks. Existing neuron-level methods using limited data lack efficacy in fixing adversaries due to the inherent complexity of adversarial attack mechanisms, while adversarial training, leveraging a large number of adversarial samples to enhance robustness, lacks provability. In this paper, we propose ADVREPAIR, a novel approach for provable repair of adversarial attacks using limited data. By utilizing formal verification, ADVREPAIR constructs patch modules that, when integrated with the original network, deliver provable and specialized repairs within the robustness neighborhood. Additionally, our approach incorporates a heuristic mechanism for assigning patch modules, allowing this defense against adversarial attacks to generalize to other inputs. ADVREPAIR demonstrates superior efficiency, scalability and repair success rate. Different from existing DNN repair methods, our repair can generalize to general inputs, thereby improving the robustness of the neural network globally, which indicates a significant breakthrough in the generalization capability of ADVREPAIR.
Apr-2-2024
- Genre:
- Research Report > Promising Solution (0.48)
- Industry:
- Government > Military (1.00)
- Information Technology > Security & Privacy (1.00)