Fast and Precise Certification of Transformers

被引：12

作者：

Bonaert, Gregory ^{[1
]}

Dimitrov, Dimitar, I ^{[1
]}

Baader, Maximilian ^{[1
]}

Vechev, Martin ^{[1
]}

机构：

[1] Swiss Fed Inst Technol, Zurich, Switzerland

来源：

PROCEEDINGS OF THE 42ND ACM SIGPLAN INTERNATIONAL CONFERENCE ON PROGRAMMING LANGUAGE DESIGN AND IMPLEMENTATION (PLDI '21) | 2021年

关键词：

Abstract Interpretation; Robustness Certification; Deep Learning; Adversarial attacks; Transformer Networks;

D O I：

10.1145/3453483.3454056

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

We present DeepT, a novel method for certifying Transformer networks based on abstract interpretation. The key idea behind DeepT is our new Multi-norm Zonotope abstract domain, an extension of the classical Zonotope designed to handle l(1) and l(2)-norm bound perturbations. We introduce all Multi-norm Zonotope abstract transformers necessary to handle these complex networks, including the challenging softmax function and dot product. Our evaluation shows that DeepT can certify average robustness radii that are 28x larger than the state-of-the-art, while scaling favorably. Further, for the first time, we certify Transformers against synonym attacks on long sequences of words, where each word can be replaced by any synonym. DeepT achieves a high certification success rate on sequences of words where enumeration-based verification would take 2 to 3 orders of magnitude more time.

引用

页码：466 / 481

页数：16

共 62 条

[31]

Li Bai, 2018, ARXIV180903113

[32] Semi-Supervised Graph Classification: A Hierarchical Graph Perspective [J].

Li, Jia ;

Rong, Yu ;

Cheng, Hong ;

Meng, Helen ;

Huang, Wenbing ;

Huang, Junzhou .

WEB CONFERENCE 2019: PROCEEDINGS OF THE WORLD WIDE WEB CONFERENCE (WWW 2019), 2019, :972-982

[33] TEXTBUGGER: Generating Adversarial Text Against Real-world Applications [J].

Li, Jinfeng ;

Ji, Shouling ;

Du, Tianyu ;

Li, Bo ;

Wang, Ting .

26TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2019), 2019,

[34]

Li Liunian Harold, 2019, arXiv

[35]

Liang B, 2018, PROCEEDINGS OF THE TWENTY-SEVENTH INTERNATIONAL JOINT CONFERENCE ON ARTIFICIAL INTELLIGENCE, P4208

[36] Swin Transformer: Hierarchical Vision Transformer using Shifted Windows [J].

Liu, Ze ;

Lin, Yutong ;

Cao, Yue ;

Hu, Han ;

Wei, Yixuan ;

Zhang, Zheng ;

Lin, Stephen ;

Guo, Baining .

2021 IEEE/CVF INTERNATIONAL CONFERENCE ON COMPUTER VISION (ICCV 2021), 2021, :9992-10002

[37]

Mirman M, 2018, PR MACH LEARN RES, V80

[38]

Mirman Matthew, 2019, ABS190312519

[39] Towards Verifying Robustness of Neural Networks Against A Family of Semantic Perturbations [J].

Mohapatra, Jeet ;

Weng, Tsui-Wei ;

Chen, Pin-Yu ;

Liu, Sijia ;

Daniel, Luca .

2020 IEEE/CVF CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION (CVPR), 2020, :241-249

[40]

Mueller Mark Niklas, 2021, INT C LEARN REPR

← 1 2 3 4 5 6 7 →