Towards Practical Verification of Machine Learning: The Case of Computer Vision Systems

Pei, Kexin; Cao, Yinzhi; Yang, Junfeng; Jana, Suman

doi:10.48550/arxiv.1712.01785

Cited by 33 publications

(35 citation statements)

References 31 publications

(51 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They report a significant performance drop of an object detection model when evaluated on corrupted data. Pei et al [2017] introduce VeriVis, a framework to evaluate the security and robustness of different object recognition models using real-world image corruptions such as brightness, contrast, rotations, smoothing, blurring, and others.…”

Section: Contributionsmentioning

confidence: 99%

Benchmarking Robustness in Object Detection: Autonomous Driving when Winter is Coming

Michaelis¹,

Mitzkus²,

Geirhos³

et al. 2019

Preprint

View full text Add to dashboard Cite

The ability to detect objects regardless of image distortions or weather conditions is crucial for real-world applications of deep learning like autonomous driving. We here provide an easy-to-use benchmark to assess how object detection models perform when image quality degrades. The three resulting benchmark datasets, termed Pascal-C, Coco-C and Cityscapes-C, contain a large variety of image corruptions. We show that a range of standard object detection models suffer a severe performance loss on corrupted images (down to 30-60% of the original performance). However, a simple data augmentation trick-stylizing the training images-leads to a substantial increase in robustness across corruption type, severity and dataset. We envision our comprehensive benchmark to track future progress towards building robust object detection models. Benchmark, code and data are available at: http://github.com/bethgelab/robust-detection-benchmark

show abstract

Section: Contributionsmentioning

confidence: 99%

Benchmarking Robustness in Object Detection: Autonomous Driving when Winter is Coming

Michaelis¹,

Mitzkus²,

Geirhos³

et al. 2019

Preprint

View full text Add to dashboard Cite

show abstract

“…Robustness against simple transformations Approaches targeting adversarial accuracy for simple transformations have used attacks and defenses in the spirit of PGD (either on transformation space [11] or on input space projecting to transformation manifold [20]) and simple random or grid search [11,34]. Recent work [10] has also evaluated some rotation-equivariant networks with different training and attack settings which reduces direct comparability with e.g.…”

Section: Related Workmentioning

confidence: 99%

“…Recently, it was observed in [11,13,34,20,14,2] that worst-case prediction performance drops dramatically for neural network classifiers obtained using standard training, even for rather small transformation sets. In this context, we examine the effectiveness of regularization that explicitly encourages the predictor to be constant for transformed versions of the same image, which we refer to as being invariant on the transformation sets.…”

Section: Introductionmentioning

confidence: 99%

Invariance-inducing regularization using worst-case transformations suffices to boost accuracy and spatial robustness

Yang,

Wang,

Heinze-Deml

2019

Preprint

View full text Add to dashboard Cite

This work provides theoretical and empirical evidence that invariance-inducing regularizers can increase predictive accuracy for worst-case spatial transformations (spatial robustness). Evaluated on these adversarially transformed examples, we demonstrate that adding regularization on top of standard or adversarial training reduces the relative error by 20% for CIFAR10 without increasing the computational cost. This outperforms handcrafted networks that were explicitly designed to be spatial-equivariant. Furthermore, we observe for SVHN, known to have inherent variance in orientation, that robust training also improves standard accuracy on the test set. We prove that this no-trade-off phenomenon holds for adversarial examples from transformation groups in the infinite data limit.

show abstract

“…Additionally, as ML algorithms carry uncertainty in their outputs, the benefits of including prediction uncertainty in the overall system specification is an open and under investigation topic [151]. Focusing on invariance specifications, Pei et al [172] decompose safety properties for common real-world image distortions into 12 transformation invariance properties that a ML algorithm should maintain. Based on these specifications, they verify safety properties of the trained model using samples from the target domain.…”

Section: Formal Specificationmentioning

confidence: 99%

Taxonomy of Machine Learning Safety: A Survey and Primer

Mohseni¹,

Wang²,

Yu³

et al. 2021

Preprint

View full text Add to dashboard Cite

The open-world deployment of Machine Learning (ML) algorithms in safety-critical applications such as autonomous vehicles needs to address a variety of ML vulnerabilities such as interpretability, verifiability, and performance limitations. Research explores different approaches to improve ML dependability by proposing new models and training techniques to reduce generalization error, achieve domain adaptation, and detect outlier examples and adversarial attacks. In this paper, we review and organize practical ML techniques that can improve the safety and dependability of ML algorithms and therefore ML-based software. Our organization maps state-of-the-art ML techniques to safety strategies in order to enhance the dependability of the ML algorithm from different aspects, and discuss research gaps as well as promising solutions.

show abstract

Towards Practical Verification of Machine Learning: The Case of Computer Vision Systems

Cited by 33 publications

References 31 publications

Benchmarking Robustness in Object Detection: Autonomous Driving when Winter is Coming

Benchmarking Robustness in Object Detection: Autonomous Driving when Winter is Coming

Invariance-inducing regularization using worst-case transformations suffices to boost accuracy and spatial robustness

Taxonomy of Machine Learning Safety: A Survey and Primer

Contact Info

Product

Resources

About