Robustness evaluation for deep neural networks via mutation decision boundaries analysis

While recent years have witnessed the power of deep neural networks in representation learning, it is well known that their robustness is a congenital defect. Formal verification sheds some light to tackle this issue, which achieves it by a rigorous mathematical reasoning. Nevertheless, such technique still suffers from the efficiency and scalability problems. In light of this, we develop a novel solution to make a pre-analysis before performing verification. Specifically, we argue that the points near the actual decision boundary of the neural network are more likely to not satisfy robustness. As such, we focus on locating unstable points in the input set, instead of point-by-point verification. Borrowing from mutation testing, we adopt the analysis of the mutation decision boundaries to evaluate the local robustness of the inputs. Also, we design a robustness metric to guide the selection of unstable points. Then, the effective adversarial examples can be generated by perturbing these unstable points. We conduct extensive experiments on two neural network verification benchmarks, demonstrating the rationality, effectiveness and efficiency improvement of our solution. (C) 2022 Elsevier Inc. All rights reserved.