Tighter Truncated Rectangular Prism Approximation for RNN Robustness Verification
This work addresses the challenge of rigorous robustness verification for RNNs, which is crucial for safety-critical applications, though it appears incremental as it builds on existing linear approximation methods.
The paper tackles the problem of over-approximation in robustness verification for Recurrent Neural Networks (RNNs) by proposing a novel truncated rectangular prism method to tightly enclose nonlinear activation surfaces, resulting in significant improvements in verification accuracy across tasks like image classification, speech recognition, and sentiment analysis.
Robustness verification is a promising technique for rigorously proving Recurrent Neural Networks (RNNs) robustly. A key challenge is to over-approximate the nonlinear activation functions with linear constraints, which can transform the verification problem into an efficiently solvable linear programming problem. Existing methods over-approximate the nonlinear parts with linear bounding planes individually, which may cause significant over-estimation and lead to lower verification accuracy. In this paper, in order to tightly enclose the three-dimensional nonlinear surface generated by the Hadamard product, we propose a novel truncated rectangular prism formed by two linear relaxation planes and a refinement-driven method to minimize both its volume and surface area for tighter over-approximation. Based on this approximation, we implement a prototype DeepPrism for RNN robustness verification. The experimental results demonstrate that \emph{DeepPrism} has significant improvement compared with the state-of-the-art approaches in various tasks of image classification, speech recognition and sentiment analysis.