关键词: 深度神经网络, 鲁棒性测试, 决策树, 特征归因, 扰动样本

Abstract: With the increasing complexity of the internal structure of deep neural network (DNN) ,it is difficult for people to have an intuitive understanding of its internal operation mechanism,so the probability of model errors is greatly increased.Therefore,an effective DNN robustness test method is needed to solve the trust crisis of the model to ensure the reliability and security of the software system.The existing DNN robustness test methods mostly target the coverage of neurons for generating perturbation samples,without introducing more information about the internal model,resulting in a high degree of perturbation and a large amount of redundancy in the generated perturbation samples,which greatly limits the ability to improve model robustness.A new adversarial example generation method is proposed.Firstly,a decision tree is constructed by the last convolutional layer of the model.The judgment path in the decision tree is regarded as the decision path,and each filter in the path is analyzed to find out the impact factor.Finally,the perturbed samples were generated according to the decision path and impact factors.The test results show that the test samples generated are 78% less than the existing state-of-the-art fuzzing method DLFuzz in terms of perturbation degree on average,and the number of original samples perturbed by our method is 27.7% more on average.

Key words: Deep neural network, Robustness testing, Decision tree, Feature attribution, Perturbed example