SEAI, Apr 13, 2021

Detecting Operational Adversarial Examples for Reliable Deep Learning

arXiv:2104.06015v2, 10 citations
AI Analysis

This work addresses the dependability of deep learning for safety-critical systems, offering an incremental improvement by incorporating operational profiles into adversarial example detection.

The paper tackles the problem of improving the reliability of deep learning in critical applications by introducing 'operational adversarial examples'—those likely to occur in real-world use—and proposes a new testing method to detect them, aiming to enhance delivered reliability by focusing testing efforts on realistic scenarios.

The utilisation of Deep Learning (DL) raises new challenges regarding its dependability in critical applications. Sound verification and validation methods are needed to assure the safe and reliable use of DL. However, state-of-the-art debug testing methods on DL that aim at detecting adversarial examples (AEs) ignore the operational profile, which statistically depicts the software's future operational use. This may lead to very modest effectiveness in improving the software's delivered reliability, as the testing budget is likely to be wasted on detecting AEs that are unrealistic or encountered very rarely in real-life operation. In this paper, we first present the novel notion of "operational AEs", which are AEs that have a relatively high chance of being seen in future operation. Then an initial design of a new DL testing method to efficiently detect "operational AEs" is provided, as well as some insights on our prospective research plan.
