Enumerating Safe Regions in Deep Neural Networks with Provable Probabilistic Guarantees
This work addresses the need for trust in DNN-based systems by providing a new verification approach, though it is incremental as it builds on existing verification methods.
The paper tackles the AllDNN-Verification problem by introducing epsilon-ProVe, an efficient approximation method that enumerates safe regions in deep neural networks with provable probabilistic guarantees, showing scalability and effectiveness on standard benchmarks.
Identifying safe areas is a key point to guarantee trust for systems that are based on Deep Neural Networks (DNNs). To this end, we introduce the AllDNN-Verification problem: given a safety property and a DNN, enumerate the set of all the regions of the property input domain which are safe, i.e., where the property does hold. Due to the #P-hardness of the problem, we propose an efficient approximation method called epsilon-ProVe. Our approach exploits a controllable underestimation of the output reachable sets obtained via statistical prediction of tolerance limits, and can provide a tight (with provable probabilistic guarantees) lower estimate of the safe areas. Our empirical evaluation on different standard benchmarks shows the scalability and effectiveness of our method, offering valuable insights for this new type of verification of DNNs.