References & Citations
Computer Science > Computation and Language
Title: RNN-Test: Adversarial Testing Framework for Recurrent Neural Network Systems
(Submitted on 11 Nov 2019 (this version), latest version 8 Jan 2021 (v2))
Abstract: While huge efforts have been investigated in the adversarial testing of convolutional neural networks (CNN), the testing for recurrent neural networks (RNN) is still limited to the classification context and leave threats for vast sequential application domains. In this work, we propose a generic adversarial testing framework RNN-Test. First, based on the distinctive structure of RNNs, we define three novel coverage metrics to measure the testing completeness and guide the generation of adversarial inputs. Second, we propose the state inconsistency orientation to generate the perturbations by maximizing the inconsistency of the hidden states of RNN cells. Finally, we combine orientations with coverage guidance to produce minute perturbations. Given the RNN model and the sequential inputs, RNN-Test will modify one character or one word out of the whole inputs based on the perturbations obtained, so as to lead the RNN to produce wrong outputs. For evaluation, we apply RNN-Test on two models of common RNN structure - the PTB language model and the spell checker model. RNN-Test efficiently reduces the performance of the PTB language model by increasing its test perplexity by 58.11%, and finds numbers of incorrect behaviors of the spell checker model with the success rate of 73.44% on average. With our customization, RNN-Test using the redefined neuron coverage as guidance could achieve 35.71% higher perplexity than original strategy of DeepXplore.
Submission history
From: Jianmin Guo [view email][v1] Mon, 11 Nov 2019 05:30:53 GMT (4149kb,D)
[v2] Fri, 8 Jan 2021 03:28:00 GMT (4192kb,D)
Link back to: arXiv, form interface, contact.