논문 제목: NNrepair: Constraint-based Repair of Neural Network Classifiers
📕 Summary
Abstract
- NNrepair is a technique for repairing neural network classifiers by identifying faulty network parameters and applying small modifications to fix them.
- It improves the overall accuracy of models, fixes security vulnerabilities caused by poisoned training data, and enhances the network's robustness against adversarial attacks
Introduction
-
Neural networks are widely used in various applications, but they can have defects that need repair, such as low accuracy, vulnerability to adversarial attacks, or poisoning of training data .
-
Traditional methods like retraining can be difficult and expensive, resulting in a network that is different from the original one
-
The paper introduces NNrepair, a novel constraint-solving based approach for repairing neural networks in three scenarios: improving overall accuracy, fixing security vulnerabilities caused by poisoned data, and enhancing robustness against adversarial attacks
-
NNrepair uses fault localization to identify potentially faulty network parameters and applies constraint solving to make small modifications to remedy the defects
-
The focus is on repairing the learnable parameters of the neural network model, specifically the weights on the edges connecting neurons
-
The evaluation on MNIST and CIFAR-10 models shows that NNrepair significantly improves accuracy on poisoned and adversarial data, as well as providing small improvements in overall accuracy without requiring new data or re-training
📕 Solution
- NNrepair is a constraint-based technique that uses fault localization to identify potentially faulty network parameters and applies constraint solving to make small modifications to remedy the defects.
- The technique incorporates strategies such as inferring correctness specifications for intermediate layer repair and generating experts for each class.
- NNrepair is implemented in the NNrepair tool pipeline, which is based on NeuroSPF. It translates a trained Keras model into Java, uses Symbolic PathFinder (SPF) for concolic execution, and z3 for constraint solving.
- The evaluation of NNrepair is conducted on MNIST and CIFAR-10 models, using two architectures for MNIST and a 15-layer CNN for CIFAR-10. The results are presented in Table 2, showing the improvement in accuracy obtained over the original models for different repair scenarios.
Algorithm
Overview of the approach
two types of NN-REPAIR
1. Intermediate-layer repair
2. Last-layter repair
4.1. Intermediate-layer repair
4.2. Last-layter repair
three scenarios: improving the overall accuracy, fixing security vulnerabilities caused by data poisoning and improving the adversarial robustness of the networks
Inference time comparison (Naive Combination Strategy)
📕 Conclusion
Summary of NN-REPAIR performance on all models
Contribution
- The paper introduces NNrepair, a constraint-based technique for repairing neural network classifiers, addressing three scenarios: improving overall accuracy, fixing security vulnerabilities caused by poisoned data, and enhancing robustness against adversarial attacks.
- NNrepair uses fault localization to identify potentially faulty network parameters and applies constraint solving to make small modifications to remedy the defects.
- The technique incorporates novel strategies such as inferring correctness specifications for intermediate layer repair and generating experts for each class.
- Evaluation on MNIST and CIFAR-10 models demonstrates that NNrepair significantly improves accuracy on poisoned and adversarial data, as well as providing small improvements in overall accuracy without requiring new data or re-training.
- NNrepair contributes to the field of neural network repair by providing a precise yet efficient approach to fixing network logic and enhancing the performance and security of neural network classifiers.
