RoMA: A Method for Neural Network Robustness Measurement and Assessment

Natan Levy; Guy Katz

doi:10.1007/978-981-99-1639-9_8

RoMA: A Method for Neural Network Robustness Measurement and Assessment

Natan Levy^*, Guy Katz

^*Corresponding author for this work

The Rachel and Selim Benin School of Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Neural network models have become the leading solution for a large variety of tasks, such as classification, natural language processing, and others. However, their reliability is heavily plagued by adversarial inputs: inputs generated by adding tiny perturbations to correctly-classified inputs, and for which the neural network produces erroneous results. In this paper, we present a new method called Robustness Measurement and Assessment (RoMA), which measures the robustness of a neural network model against such adversarial inputs. Specifically, RoMA determines the probability that a random input perturbation might cause misclassification. The method allows us to provide formal guarantees regarding the expected frequency of errors that a trained model will encounter after deployment. The type of robustness assessment afforded by RoMA is inspired by state-of-the-art certification practices, and could constitute an important step toward integrating neural networks in safety-critical systems.

Original language	American English
Title of host publication	Neural Information Processing - 29th International Conference, ICONIP 2022, Proceedings
Editors	Mohammad Tanveer, Sonali Agarwal, Seiichi Ozawa, Asif Ekbal, Adam Jatowt
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	92-105
Number of pages	14
ISBN (Print)	9789819916382
DOIs	https://doi.org/10.1007/978-981-99-1639-9_8
State	Published - 2023
Event	29th International Conference on Neural Information Processing, ICONIP 2022 - Virtual, Online Duration: 22 Nov 2022 → 26 Nov 2022

Publication series

Name	Communications in Computer and Information Science
Volume	1791 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	29th International Conference on Neural Information Processing, ICONIP 2022
City	Virtual, Online
Period	22/11/22 → 26/11/22

Bibliographical note

Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Keywords

Adversarial examples
Certification
Neural networks
Robustness

Access to Document

10.1007/978-981-99-1639-9_8

Cite this

Levy, N., & Katz, G. (2023). RoMA: A Method for Neural Network Robustness Measurement and Assessment. In M. Tanveer, S. Agarwal, S. Ozawa, A. Ekbal, & A. Jatowt (Eds.), Neural Information Processing - 29th International Conference, ICONIP 2022, Proceedings (pp. 92-105). (Communications in Computer and Information Science; Vol. 1791 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-99-1639-9_8

Levy, Natan ; Katz, Guy. / RoMA : A Method for Neural Network Robustness Measurement and Assessment. Neural Information Processing - 29th International Conference, ICONIP 2022, Proceedings. editor / Mohammad Tanveer ; Sonali Agarwal ; Seiichi Ozawa ; Asif Ekbal ; Adam Jatowt. Springer Science and Business Media Deutschland GmbH, 2023. pp. 92-105 (Communications in Computer and Information Science).

@inproceedings{bebc7e44e3124e4799546f933ae5b15f,

title = "RoMA: A Method for Neural Network Robustness Measurement and Assessment",

abstract = "Neural network models have become the leading solution for a large variety of tasks, such as classification, natural language processing, and others. However, their reliability is heavily plagued by adversarial inputs: inputs generated by adding tiny perturbations to correctly-classified inputs, and for which the neural network produces erroneous results. In this paper, we present a new method called Robustness Measurement and Assessment (RoMA), which measures the robustness of a neural network model against such adversarial inputs. Specifically, RoMA determines the probability that a random input perturbation might cause misclassification. The method allows us to provide formal guarantees regarding the expected frequency of errors that a trained model will encounter after deployment. The type of robustness assessment afforded by RoMA is inspired by state-of-the-art certification practices, and could constitute an important step toward integrating neural networks in safety-critical systems.",

keywords = "Adversarial examples, Certification, Neural networks, Robustness",

author = "Natan Levy and Guy Katz",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.; 29th International Conference on Neural Information Processing, ICONIP 2022 ; Conference date: 22-11-2022 Through 26-11-2022",

year = "2023",

doi = "10.1007/978-981-99-1639-9_8",

language = "American English",

isbn = "9789819916382",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "92--105",

editor = "Mohammad Tanveer and Sonali Agarwal and Seiichi Ozawa and Asif Ekbal and Adam Jatowt",

booktitle = "Neural Information Processing - 29th International Conference, ICONIP 2022, Proceedings",

address = "Germany",

}

Levy, N & Katz, G 2023, RoMA: A Method for Neural Network Robustness Measurement and Assessment. in M Tanveer, S Agarwal, S Ozawa, A Ekbal & A Jatowt (eds), Neural Information Processing - 29th International Conference, ICONIP 2022, Proceedings. Communications in Computer and Information Science, vol. 1791 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 92-105, 29th International Conference on Neural Information Processing, ICONIP 2022, Virtual, Online, 22/11/22. https://doi.org/10.1007/978-981-99-1639-9_8

RoMA: A Method for Neural Network Robustness Measurement and Assessment. / Levy, Natan; Katz, Guy.
Neural Information Processing - 29th International Conference, ICONIP 2022, Proceedings. ed. / Mohammad Tanveer; Sonali Agarwal; Seiichi Ozawa; Asif Ekbal; Adam Jatowt. Springer Science and Business Media Deutschland GmbH, 2023. p. 92-105 (Communications in Computer and Information Science; Vol. 1791 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - RoMA

T2 - 29th International Conference on Neural Information Processing, ICONIP 2022

AU - Levy, Natan

AU - Katz, Guy

PY - 2023

Y1 - 2023

N2 - Neural network models have become the leading solution for a large variety of tasks, such as classification, natural language processing, and others. However, their reliability is heavily plagued by adversarial inputs: inputs generated by adding tiny perturbations to correctly-classified inputs, and for which the neural network produces erroneous results. In this paper, we present a new method called Robustness Measurement and Assessment (RoMA), which measures the robustness of a neural network model against such adversarial inputs. Specifically, RoMA determines the probability that a random input perturbation might cause misclassification. The method allows us to provide formal guarantees regarding the expected frequency of errors that a trained model will encounter after deployment. The type of robustness assessment afforded by RoMA is inspired by state-of-the-art certification practices, and could constitute an important step toward integrating neural networks in safety-critical systems.

AB - Neural network models have become the leading solution for a large variety of tasks, such as classification, natural language processing, and others. However, their reliability is heavily plagued by adversarial inputs: inputs generated by adding tiny perturbations to correctly-classified inputs, and for which the neural network produces erroneous results. In this paper, we present a new method called Robustness Measurement and Assessment (RoMA), which measures the robustness of a neural network model against such adversarial inputs. Specifically, RoMA determines the probability that a random input perturbation might cause misclassification. The method allows us to provide formal guarantees regarding the expected frequency of errors that a trained model will encounter after deployment. The type of robustness assessment afforded by RoMA is inspired by state-of-the-art certification practices, and could constitute an important step toward integrating neural networks in safety-critical systems.

KW - Adversarial examples

KW - Certification

KW - Neural networks

KW - Robustness

UR - http://www.scopus.com/inward/record.url?scp=85161705013&partnerID=8YFLogxK

U2 - 10.1007/978-981-99-1639-9_8

DO - 10.1007/978-981-99-1639-9_8

M3 - Conference contribution

AN - SCOPUS:85161705013

SN - 9789819916382

T3 - Communications in Computer and Information Science

SP - 92

EP - 105

BT - Neural Information Processing - 29th International Conference, ICONIP 2022, Proceedings

A2 - Tanveer, Mohammad

A2 - Agarwal, Sonali

A2 - Ozawa, Seiichi

A2 - Ekbal, Asif

A2 - Jatowt, Adam

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 22 November 2022 through 26 November 2022

ER -

Levy N, Katz G. RoMA: A Method for Neural Network Robustness Measurement and Assessment. In Tanveer M, Agarwal S, Ozawa S, Ekbal A, Jatowt A, editors, Neural Information Processing - 29th International Conference, ICONIP 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 92-105. (Communications in Computer and Information Science). doi: 10.1007/978-981-99-1639-9_8