Loading…
IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks
Convolutional neural networks (CNNs) have been widely used in various fields. However, it is essential to perform sufficient testing to detect internal defects before deploying CNNs, especially in security-sensitive scenarios. Generating error-inducing inputs to trigger erroneous behavior is the pri...
Saved in:
Published in: | ACM transactions on software engineering and methodology 2024-11 |
---|---|
Main Authors: | , , , , |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that this one cites |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
cited_by | |
---|---|
cites | cdi_FETCH-LOGICAL-a841-dbf31af181d2494aa9be98f7128ba3048caa9d1fd094b442880d45e9a62f8b0a3 |
container_end_page | |
container_issue | |
container_start_page | |
container_title | ACM transactions on software engineering and methodology |
container_volume | |
creator | Xie, Ruilin Chen, Xiang He, Qifan Li, Bixin Cui, Zhanqi |
description | Convolutional neural networks (CNNs) have been widely used in various fields. However, it is essential to perform sufficient testing to detect internal defects before deploying CNNs, especially in security-sensitive scenarios. Generating error-inducing inputs to trigger erroneous behavior is the primary way to detect CNN model defects. However, in practice, when the model under test is a black-box CNN model without accessible internal information, in some scenarios it is still necessary to generate high-quality test inputs within a limited testing budget. In such a new scenario, a potential approach is to generate transferable test inputs by analyzing the internal knowledge of other white-box CNN models similar to the model under test, and then use transferable test inputs to test the black-box CNN model. The main challenge in generating transferable test inputs is how to improve their error-inducing capability for different CNN models without changing the test oracle. We found that different CNN models make predictions based on features of similar important regions in images. Adding targeted perturbations to important regions will generate transferable test inputs with high realism. Therefore, we propose the Interpretable Analysis based Transferable Test Generation method for CNNs (IATT), which employs interpretation methods of CNN models to explain and localize important regions in test inputs, using backpropagation optimizer and perturbation mask process to add targeted perturbations to these important regions, thereby generating transferable test inputs. This process is repeated to iteratively optimize the transferability and realism of the test inputs. To verify the effectiveness of IATT, we perform experimental studies on nine deep learning models, including ResNet-50 and Vit-B/16, and commercial computer vision system Google Cloud Vision, and compared our method with four state-of-the-art baseline methods. Experimental results show that transferable test inputs generated by IATT can effectively cause black-box target models to output incorrect results. Compared to existing testing and adversarial attack methods, the average error-inducing success rate (ESR) in different testing scenarios is 18.1% \(\sim\) 52.7% greater than the baseline methods. Additionally, the test inputs generated by IATT achieve high ESR while maintaining high realism. |
doi_str_mv | 10.1145/3705301 |
format | article |
fullrecord | <record><control><sourceid>acm_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3705301</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3705301</sourcerecordid><originalsourceid>FETCH-LOGICAL-a841-dbf31af181d2494aa9be98f7128ba3048caa9d1fd094b442880d45e9a62f8b0a3</originalsourceid><addsrcrecordid>eNo9kL1PwzAUxC0EEqUgdiZvTAG_2CE2WxTREqmCJQNb9BzbUiB1KjsF9b8n_YDp7t776YYj5BbYA4DIHnnOMs7gjMwgy_Ik5yo9nzwTKuEcPi7JVYyfjAFnqZgRXRV1_UwrP9qwCXbEsRs8LTz2u9hFqjFaQ-uAPjobUPeW1jaOdGn9FA-sGwItB_899Nt9xp6-2W04yPgzhK94TS4c9tHenHRO6sVLXb4mq_dlVRarBKWAxGjHAR1IMKlQAlFpq6TLIZUaOROynU4GnGFKaCFSKZkRmVX4lDqpGfI5uT_WtmGIMVjXbEK3xrBrgDX7ZZrTMhN5dySxXf9Df89fvzdfCQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks</title><source>Association for Computing Machinery:Jisc Collections:ACM OPEN Journals 2023-2025 (reading list)</source><creator>Xie, Ruilin ; Chen, Xiang ; He, Qifan ; Li, Bixin ; Cui, Zhanqi</creator><creatorcontrib>Xie, Ruilin ; Chen, Xiang ; He, Qifan ; Li, Bixin ; Cui, Zhanqi</creatorcontrib><description>Convolutional neural networks (CNNs) have been widely used in various fields. However, it is essential to perform sufficient testing to detect internal defects before deploying CNNs, especially in security-sensitive scenarios. Generating error-inducing inputs to trigger erroneous behavior is the primary way to detect CNN model defects. However, in practice, when the model under test is a black-box CNN model without accessible internal information, in some scenarios it is still necessary to generate high-quality test inputs within a limited testing budget. In such a new scenario, a potential approach is to generate transferable test inputs by analyzing the internal knowledge of other white-box CNN models similar to the model under test, and then use transferable test inputs to test the black-box CNN model. The main challenge in generating transferable test inputs is how to improve their error-inducing capability for different CNN models without changing the test oracle. We found that different CNN models make predictions based on features of similar important regions in images. Adding targeted perturbations to important regions will generate transferable test inputs with high realism. Therefore, we propose the Interpretable Analysis based Transferable Test Generation method for CNNs (IATT), which employs interpretation methods of CNN models to explain and localize important regions in test inputs, using backpropagation optimizer and perturbation mask process to add targeted perturbations to these important regions, thereby generating transferable test inputs. This process is repeated to iteratively optimize the transferability and realism of the test inputs. To verify the effectiveness of IATT, we perform experimental studies on nine deep learning models, including ResNet-50 and Vit-B/16, and commercial computer vision system Google Cloud Vision, and compared our method with four state-of-the-art baseline methods. Experimental results show that transferable test inputs generated by IATT can effectively cause black-box target models to output incorrect results. Compared to existing testing and adversarial attack methods, the average error-inducing success rate (ESR) in different testing scenarios is 18.1% \(\sim\) 52.7% greater than the baseline methods. Additionally, the test inputs generated by IATT achieve high ESR while maintaining high realism.</description><identifier>ISSN: 1049-331X</identifier><identifier>EISSN: 1557-7392</identifier><identifier>DOI: 10.1145/3705301</identifier><language>eng</language><publisher>New York, NY: ACM</publisher><subject>Computing methodologies ; Neural networks ; Software and its engineering ; Software defect analysis ; Software testing and debugging ; Transfer learning</subject><ispartof>ACM transactions on software engineering and methodology, 2024-11</ispartof><rights>Copyright held by the owner/author(s).</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-a841-dbf31af181d2494aa9be98f7128ba3048caa9d1fd094b442880d45e9a62f8b0a3</cites><orcidid>0009-0003-7976-1928 ; 0009-0009-5842-802X ; 0000-0002-1180-3891 ; 0000-0001-9916-4790 ; 0000-0002-5537-9236</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,777,781,27905,27906</link.rule.ids></links><search><creatorcontrib>Xie, Ruilin</creatorcontrib><creatorcontrib>Chen, Xiang</creatorcontrib><creatorcontrib>He, Qifan</creatorcontrib><creatorcontrib>Li, Bixin</creatorcontrib><creatorcontrib>Cui, Zhanqi</creatorcontrib><title>IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks</title><title>ACM transactions on software engineering and methodology</title><addtitle>ACM TOSEM</addtitle><description>Convolutional neural networks (CNNs) have been widely used in various fields. However, it is essential to perform sufficient testing to detect internal defects before deploying CNNs, especially in security-sensitive scenarios. Generating error-inducing inputs to trigger erroneous behavior is the primary way to detect CNN model defects. However, in practice, when the model under test is a black-box CNN model without accessible internal information, in some scenarios it is still necessary to generate high-quality test inputs within a limited testing budget. In such a new scenario, a potential approach is to generate transferable test inputs by analyzing the internal knowledge of other white-box CNN models similar to the model under test, and then use transferable test inputs to test the black-box CNN model. The main challenge in generating transferable test inputs is how to improve their error-inducing capability for different CNN models without changing the test oracle. We found that different CNN models make predictions based on features of similar important regions in images. Adding targeted perturbations to important regions will generate transferable test inputs with high realism. Therefore, we propose the Interpretable Analysis based Transferable Test Generation method for CNNs (IATT), which employs interpretation methods of CNN models to explain and localize important regions in test inputs, using backpropagation optimizer and perturbation mask process to add targeted perturbations to these important regions, thereby generating transferable test inputs. This process is repeated to iteratively optimize the transferability and realism of the test inputs. To verify the effectiveness of IATT, we perform experimental studies on nine deep learning models, including ResNet-50 and Vit-B/16, and commercial computer vision system Google Cloud Vision, and compared our method with four state-of-the-art baseline methods. Experimental results show that transferable test inputs generated by IATT can effectively cause black-box target models to output incorrect results. Compared to existing testing and adversarial attack methods, the average error-inducing success rate (ESR) in different testing scenarios is 18.1% \(\sim\) 52.7% greater than the baseline methods. Additionally, the test inputs generated by IATT achieve high ESR while maintaining high realism.</description><subject>Computing methodologies</subject><subject>Neural networks</subject><subject>Software and its engineering</subject><subject>Software defect analysis</subject><subject>Software testing and debugging</subject><subject>Transfer learning</subject><issn>1049-331X</issn><issn>1557-7392</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><recordid>eNo9kL1PwzAUxC0EEqUgdiZvTAG_2CE2WxTREqmCJQNb9BzbUiB1KjsF9b8n_YDp7t776YYj5BbYA4DIHnnOMs7gjMwgy_Ik5yo9nzwTKuEcPi7JVYyfjAFnqZgRXRV1_UwrP9qwCXbEsRs8LTz2u9hFqjFaQ-uAPjobUPeW1jaOdGn9FA-sGwItB_899Nt9xp6-2W04yPgzhK94TS4c9tHenHRO6sVLXb4mq_dlVRarBKWAxGjHAR1IMKlQAlFpq6TLIZUaOROynU4GnGFKaCFSKZkRmVX4lDqpGfI5uT_WtmGIMVjXbEK3xrBrgDX7ZZrTMhN5dySxXf9Df89fvzdfCQ</recordid><startdate>20241126</startdate><enddate>20241126</enddate><creator>Xie, Ruilin</creator><creator>Chen, Xiang</creator><creator>He, Qifan</creator><creator>Li, Bixin</creator><creator>Cui, Zhanqi</creator><general>ACM</general><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0009-0003-7976-1928</orcidid><orcidid>https://orcid.org/0009-0009-5842-802X</orcidid><orcidid>https://orcid.org/0000-0002-1180-3891</orcidid><orcidid>https://orcid.org/0000-0001-9916-4790</orcidid><orcidid>https://orcid.org/0000-0002-5537-9236</orcidid></search><sort><creationdate>20241126</creationdate><title>IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks</title><author>Xie, Ruilin ; Chen, Xiang ; He, Qifan ; Li, Bixin ; Cui, Zhanqi</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a841-dbf31af181d2494aa9be98f7128ba3048caa9d1fd094b442880d45e9a62f8b0a3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Computing methodologies</topic><topic>Neural networks</topic><topic>Software and its engineering</topic><topic>Software defect analysis</topic><topic>Software testing and debugging</topic><topic>Transfer learning</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Xie, Ruilin</creatorcontrib><creatorcontrib>Chen, Xiang</creatorcontrib><creatorcontrib>He, Qifan</creatorcontrib><creatorcontrib>Li, Bixin</creatorcontrib><creatorcontrib>Cui, Zhanqi</creatorcontrib><collection>CrossRef</collection><jtitle>ACM transactions on software engineering and methodology</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Xie, Ruilin</au><au>Chen, Xiang</au><au>He, Qifan</au><au>Li, Bixin</au><au>Cui, Zhanqi</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks</atitle><jtitle>ACM transactions on software engineering and methodology</jtitle><stitle>ACM TOSEM</stitle><date>2024-11-26</date><risdate>2024</risdate><issn>1049-331X</issn><eissn>1557-7392</eissn><abstract>Convolutional neural networks (CNNs) have been widely used in various fields. However, it is essential to perform sufficient testing to detect internal defects before deploying CNNs, especially in security-sensitive scenarios. Generating error-inducing inputs to trigger erroneous behavior is the primary way to detect CNN model defects. However, in practice, when the model under test is a black-box CNN model without accessible internal information, in some scenarios it is still necessary to generate high-quality test inputs within a limited testing budget. In such a new scenario, a potential approach is to generate transferable test inputs by analyzing the internal knowledge of other white-box CNN models similar to the model under test, and then use transferable test inputs to test the black-box CNN model. The main challenge in generating transferable test inputs is how to improve their error-inducing capability for different CNN models without changing the test oracle. We found that different CNN models make predictions based on features of similar important regions in images. Adding targeted perturbations to important regions will generate transferable test inputs with high realism. Therefore, we propose the Interpretable Analysis based Transferable Test Generation method for CNNs (IATT), which employs interpretation methods of CNN models to explain and localize important regions in test inputs, using backpropagation optimizer and perturbation mask process to add targeted perturbations to these important regions, thereby generating transferable test inputs. This process is repeated to iteratively optimize the transferability and realism of the test inputs. To verify the effectiveness of IATT, we perform experimental studies on nine deep learning models, including ResNet-50 and Vit-B/16, and commercial computer vision system Google Cloud Vision, and compared our method with four state-of-the-art baseline methods. Experimental results show that transferable test inputs generated by IATT can effectively cause black-box target models to output incorrect results. Compared to existing testing and adversarial attack methods, the average error-inducing success rate (ESR) in different testing scenarios is 18.1% \(\sim\) 52.7% greater than the baseline methods. Additionally, the test inputs generated by IATT achieve high ESR while maintaining high realism.</abstract><cop>New York, NY</cop><pub>ACM</pub><doi>10.1145/3705301</doi><orcidid>https://orcid.org/0009-0003-7976-1928</orcidid><orcidid>https://orcid.org/0009-0009-5842-802X</orcidid><orcidid>https://orcid.org/0000-0002-1180-3891</orcidid><orcidid>https://orcid.org/0000-0001-9916-4790</orcidid><orcidid>https://orcid.org/0000-0002-5537-9236</orcidid><oa>free_for_read</oa></addata></record> |
fulltext | fulltext |
identifier | ISSN: 1049-331X |
ispartof | ACM transactions on software engineering and methodology, 2024-11 |
issn | 1049-331X 1557-7392 |
language | eng |
recordid | cdi_crossref_primary_10_1145_3705301 |
source | Association for Computing Machinery:Jisc Collections:ACM OPEN Journals 2023-2025 (reading list) |
subjects | Computing methodologies Neural networks Software and its engineering Software defect analysis Software testing and debugging Transfer learning |
title | IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-21T07%3A17%3A40IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-acm_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=IATT:%20Interpretation%20Analysis%20based%20Transferable%20Test%20Generation%20for%20Convolutional%20Neural%20Networks&rft.jtitle=ACM%20transactions%20on%20software%20engineering%20and%20methodology&rft.au=Xie,%20Ruilin&rft.date=2024-11-26&rft.issn=1049-331X&rft.eissn=1557-7392&rft_id=info:doi/10.1145/3705301&rft_dat=%3Cacm_cross%3E3705301%3C/acm_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-a841-dbf31af181d2494aa9be98f7128ba3048caa9d1fd094b442880d45e9a62f8b0a3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |