CAGFuzz: Coverage-Guided Adversarial Generative Fuzzing Testing for Image-Based Deep Learning Systems

Cited by: 15
Authors
Zhang, Pengcheng [1, 2]
Ren, Bin [1, 2]
Dong, Hai [3]
Dai, Qiyin [1, 2]
Affiliations
[1] Hohai Univ, Key Lab Water Big Data Technol, Minist Water Resources, Nanjing 210098, Peoples R China
[2] Hohai Univ, Coll Comp & Informat, Nanjing 210098, Peoples R China
[3] RMIT Univ, Sch Comp Technol, Melbourne, Vic 3000, Australia
Keywords
Testing; Fuzzing; Generators; Neurons; Feature extraction; Perturbation methods; Semantics; Deep neural network; fuzz testing; adversarial example; coverage criteria
DOI
10.1109/TSE.2021.3124006
Chinese Library Classification number
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract
Deep Neural Network (DNN) driven technologies have been extensively employed in various aspects of our life. Nevertheless, the applied DNN always fails to detect erroneous behaviors, which may lead to serious problems. Several approaches have been proposed to enhance adversarial examples for automatically testing deep learning (DL) systems, such as image-based DL systems. However, the approaches contain the following two limitations. First, existing approaches only take into account small perturbations on adversarial examples, and they design and generate adversarial examples for a certain particular DNN model. This might hamper the transferability of the examples for other DNN models. Second, they only use shallow features (e.g., pixel-level features) to judge the differences between the generated adversarial examples and the original examples. The deep features, which contain high-level semantic information, such as image object categories and scene semantics, are completely neglected. To address these two problems, we propose CAGFuzz, a Coverage-guided Adversarial Generative Fuzzing testing approach for image-based DL systems. CAGFuzz is able to generate adversarial examples for mainstream DNN models to discover their potential errors. First, we train an Adversarial Example Generator (AEG) based on general datasets. AEG only considers the data characteristics to alleviate the transferability problem. Second, we extract the deep features of the original and adversarial examples, and constrain the adversarial examples by cosine similarity to ensure that the deep features of the adversarial examples remain unchanged. Finally, we use the adversarial examples to retrain the models. Based on several standard datasets, we design a set of dedicated experiments to evaluate CAGFuzz. The experimental results show that CAGFuzz can detect more hidden errors, enhance the accuracy of the target DNN models, and generate adversarial examples with higher transferability.
Pages: 4630 / 4646
Page count: 17