Artificial Neural Networks (ANNs) are being deployed on an increasing number of safety-critical applications, including autonomous cars and medical diagnosis. However, concerns about their reliability have been raised due to their black-box nature and apparent fragility to adversarial attacks. Here, we develop and evaluate a symbolic verification framework using incremental model checking (IMC) and satisfiability modulo theories (SMT) to check for vulnerabilities in ANNs. More specifically, we propose several ANN-related optimizations for IMC, including invariant inference via interval analysis and the discretization of non-linear activation functions. With this, we can provide guarantees on the safe behavior of ANNs implemented both in floating-point and fixed-point (quantized) arithmetic. In this regard, our verification approach was able to verify and produce adversarial examples for 52 test cases spanning image classification and general machine learning applications. For small- to medium-sized ANN, our approach completes most of its verification runs in minutes. Moreover, in contrast to most state-of-the-art methods, our approach is not restricted to specific choices of activation functions or non-quantized representations.

中文翻译：

---

使用基于 SMT 的模型检查验证量化神经网络

人工神经网络 (ANN) 正在越来越多的安全关键应用中部署，包括自动驾驶汽车和医疗诊断。然而，由于它们的黑盒性质和对抗性攻击的明显脆弱性，人们对它们的可靠性表示担忧。在这里，我们使用增量模型检查 (IMC) 和可满足性模理论 (SMT) 开发和评估符号验证框架来检查 ANN 中的漏洞。更具体地说，我们为 IMC 提出了几种与 ANN 相关的优化，包括通过区间分析的不变推理和非线性激活函数的离散化。有了这个，我们可以保证在浮点和定点（量化）算法中实现的 ANN 的安全行为。在这方面，我们的验证方法能够为跨越图像分类和一般机器学习应用的 52 个测试用例验证和生成对抗性示例。对于中小型 ANN，我们的方法可在几分钟内完成大部分验证运行。此外，与大多数最先进的方法相比，我们的方法不限于激活函数或非量化表示的特定选择。