Sensitive Samples Revisited: Detecting Neural Network Attacks Using Constraint Solvers

Amel Nestor Docena
(Northeastern University)
Thomas Wahl
(Northeastern University)
Trevor Pearce
(Northeastern University)
Yunsi Fei
(Northeastern University)

Neural Networks are used today in numerous security- and safety-relevant domains and are, as such, a popular target of attacks that subvert their classification capabilities, by manipulating the network parameters. Prior work has introduced sensitive samples–inputs highly sensitive to parameter changes–to detect such manipulations, and proposed a gradient ascent-based approach to compute them. In this paper we offer an alternative, using symbolic constraint solvers. We model the network and a formal specification of a sensitive sample in the language of the solver and ask for a solution. This approach supports a rich class of queries, corresponding, for instance, to the presence of certain types of attacks. Unlike earlier techniques, our approach does not depend on convex search domains, or on the suitability of a starting point for the search. We address the performance limitations of constraint solvers by partitioning the search space for the solver, and exploring the partitions according to a balanced schedule that still retains completeness of the search. We demonstrate the impact of the use of solvers in terms of functionality and search efficiency, using a case study for the detection of Trojan attacks on Neural Networks.

In Temur Kutsia: Proceedings of the 9th International Symposium on Symbolic Computation in Software Science (SCSS 2021), Hagenberg, Austria, September 8-10, 2021, Electronic Proceedings in Theoretical Computer Science 342, pp. 35–48.
Published: 6th September 2021.

ArXived at: http://dx.doi.org/10.4204/EPTCS.342.4 bibtex PDF
References in reconstructed bibtex, XML and HTML format (approximated).
Comments and questions to: eptcs@eptcs.org
For website issues: webmaster@eptcs.org