Robustness Verification Boosting for Deep Neural Networks

Deep Neural Network (DNN) is a widely used deep learning technique, and ensuring the safety of DNN-based systems is a critical and challenging problem. Robustness is an important safety property of DNN. However, existing work of verifying DNN's robustness is time-consuming and hard to scale. In this paper, we propose a boosting method for the falsification in DNN robustness verification, which aims to find counter-examples earlier. Our observation is that different inputs to a DNN have different possibilities of existing counter-examples around them, and in particular, the input with a small difference between the largest and the second largest output values tends to be the Achilles heel of the DNN. We have implemented our method and applied it on two state-of-the-art DNN verification tools and four DNN attacking methods. The results of the experiments on two benchmarks indicate the effectiveness of our boosting method.