Research Seminar by Jingyi Wang | VeRe: Verification-Guided Synthesis for Repairing Deep Neural Networks

VeRe: Verification-Guided Synthesis for Repairing Deep Neural Networks

Neural networks have achieved significant success in many domains. However, before deployment in safety-critical systems, neural networks must undergo rigorous validation to ensure reliable decision-making under all operational and even adversarial conditions (e.g., presence of backdoor attacks). Furthermore, there is a need to repair the neural networks to satisfy these needs when they do not. In this talk, I will introduce VeRe, a formal verification-based neural network repair technique, which performs verification-guided targeted repair on neural networks that fail to satisfy specified properties (e.g., safety requirements, absence of backdoors). Specifically, VeRe performs fault localization based on linear relaxation to symbolically calculate the repair significance of neurons and furthermore optimize the parameters of problematic neurons to repair erroneous behaviors. VeRe is evaluated on various repair tasks. For the task of removing backdoors, VeRe successfully reduces attack success rate from 98.47% to 0.38% on average, while causing an average performance drop of 0.9%. For the task of repairing safety properties, VeRe successfully repairs all the 36 safety properties and achieves 99.87% generalization on average.

About the Speaker