  • 孙朔,严俊,晏荣杰.基于分治法的神经网络修复方法[J].信息安全学报,2023,8(3):27-37    [点击复制]
  • SUN Shuo,YAN Jun,YAN Rongjie.A Neural Network Repair Method Based on Divide-and-Conquer[J].Journal of Cyber Security,2023,8(3):27-37   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭


过刊浏览    高级检索

本文已被:浏览 6493次   下载 4212 本文二维码信息
孙朔1,2, 严俊1,3,2, 晏荣杰3,2
(1.中国科学院软件研究所软件工程技术研究开发中心 北京 中国 100190;2.中国科学院大学 北京 中国 100049;3.计算机科学国家重点实验室 北京 中国 100190)
关键词:  错误修复|神经网络|分治法|约束求解
基金项目:本课题得到国家自然科学基金项目(No. 62132020)和中国科学院前沿科学重点研究计划(No. QYZDJSSW-JSC036)资助。
A Neural Network Repair Method Based on Divide-and-Conquer
SUN Shuo1,2, YAN Jun1,3,2, YAN Rongjie3,2
(1.Technology Center of Software Engineering, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;2.University of Chinese Academy of Sciences, Beijing 100049, China;3.State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China)
As an effective method for solving complex problems, the neural network has been widely used in medical imaging, autonomous driving, and other fields. However, neural networks are very fragile, and adding a tiny perturbation to a sample can cause the neural network to make wrong judgments. When the neural network has erroneous behavior, the common repair method is to retrain or fine-tune the neural network, but these methods require high costs and cannot guarantee complete repair of the erroneous behavior. In this paper, we focus on the problem of the complete repair of neural networks. Given a neural network to be repaired and a target sample set, the problem requires the repaired neural network to exhibit 100% accuracy on the target sample set. In this paper, we propose a neural network repair method based on the idea of divide and conquer. In this method, we continuously divide the target sample set into smaller sets until the sample set reaches an acceptable size and then repair each set obtained by division one by one to obtain a local patch, and finally integrate all the local patches to get a patch for the entire feature space. Experiments on two public datasets demonstrate that our method outperforms current state-of-the-art neural network repair algorithms. For the target sample set generated by the adversarial attack and backdoor attack, our method not only completely repairs the behavior of the neural network on the target sample set but also improves the accuracy of the network on the test set generated by the same attack method by 55.79% and 55.79%, respectively. 60.59%. At the same time, our method can avoid a large reduction in the accuracy of the repaired network on the standard test set.
Key words:  bug fixing|neural network|divide and conquer|constraint solving