
IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks

Convolutional neural networks (CNNs) have been widely used in various fields. However, it is essential to perform sufficient testing to detect internal defects before deploying CNNs, especially in security-sensitive scenarios. Generating error-inducing inputs to trigger erroneous behavior is the pri...

Bibliographic Details
Published in: ACM transactions on software engineering and methodology, 2024-11
Main Authors: Xie, Ruilin; Chen, Xiang; He, Qifan; Li, Bixin; Cui, Zhanqi
Format: Article
Language: English
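Subjects: Computing methodologies; Neural networks; Software and its engineering; Software defect analysis; Software testing and debugging; Transfer learning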
Citations: Items that this one cites
Online Access: Get full text
cites cdi_FETCH-LOGICAL-a841-dbf31af181d2494aa9be98f7128ba3048caa9d1fd094b442880d45e9a62f8b0a3
container_title ACM transactions on software engineering and methodology
creator Xie, Ruilin
Chen, Xiang
He, Qifan
Li, Bixin
Cui, Zhanqi
description Convolutional neural networks (CNNs) have been widely used in various fields. However, it is essential to perform sufficient testing to detect internal defects before deploying CNNs, especially in security-sensitive scenarios. Generating error-inducing inputs to trigger erroneous behavior is the primary way to detect CNN model defects. In practice, however, the model under test is sometimes a black-box CNN model without accessible internal information, and high-quality test inputs must still be generated within a limited testing budget. In this scenario, a potential approach is to generate transferable test inputs by analyzing the internal knowledge of other white-box CNN models similar to the model under test, and then use these transferable test inputs to test the black-box CNN model. The main challenge in generating transferable test inputs is how to improve their error-inducing capability for different CNN models without changing the test oracle. We found that different CNN models make predictions based on features of similar important regions in images. Adding targeted perturbations to important regions will generate transferable test inputs with high realism. Therefore, we propose the Interpretable Analysis based Transferable Test Generation method for CNNs (IATT), which employs interpretation methods of CNN models to explain and localize important regions in test inputs, and uses a backpropagation optimizer and a perturbation mask process to add targeted perturbations to these important regions, thereby generating transferable test inputs. This process is repeated to iteratively optimize the transferability and realism of the test inputs. To verify the effectiveness of IATT, we perform experimental studies on nine deep learning models, including ResNet-50 and ViT-B/16, and the commercial computer vision system Google Cloud Vision, and compare our method with four state-of-the-art baseline methods. Experimental results show that transferable test inputs generated by IATT can effectively cause black-box target models to output incorrect results. Compared to existing testing and adversarial attack methods, the average error-inducing success rate (ESR) of IATT in different testing scenarios is 18.1% to 52.7% greater than that of the baseline methods. Additionally, the test inputs generated by IATT achieve high ESR while maintaining high realism.
doi_str_mv 10.1145/3705301
format article
fullrecord <record><control><sourceid>acm_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3705301</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3705301</sourcerecordid><originalsourceid>FETCH-LOGICAL-a841-dbf31af181d2494aa9be98f7128ba3048caa9d1fd094b442880d45e9a62f8b0a3</originalsourceid><addsrcrecordid>eNo9kL1PwzAUxC0EEqUgdiZvTAG_2CE2WxTREqmCJQNb9BzbUiB1KjsF9b8n_YDp7t776YYj5BbYA4DIHnnOMs7gjMwgy_Ik5yo9nzwTKuEcPi7JVYyfjAFnqZgRXRV1_UwrP9qwCXbEsRs8LTz2u9hFqjFaQ-uAPjobUPeW1jaOdGn9FA-sGwItB_899Nt9xp6-2W04yPgzhK94TS4c9tHenHRO6sVLXb4mq_dlVRarBKWAxGjHAR1IMKlQAlFpq6TLIZUaOROynU4GnGFKaCFSKZkRmVX4lDqpGfI5uT_WtmGIMVjXbEK3xrBrgDX7ZZrTMhN5dySxXf9Df89fvzdfCQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks</title><source>Association for Computing Machinery:Jisc Collections:ACM OPEN Journals 2023-2025 (reading list)</source><creator>Xie, Ruilin ; Chen, Xiang ; He, Qifan ; Li, Bixin ; Cui, Zhanqi</creator><creatorcontrib>Xie, Ruilin ; Chen, Xiang ; He, Qifan ; Li, Bixin ; Cui, Zhanqi</creatorcontrib><description>Convolutional neural networks (CNNs) have been widely used in various fields. However, it is essential to perform sufficient testing to detect internal defects before deploying CNNs, especially in security-sensitive scenarios. Generating error-inducing inputs to trigger erroneous behavior is the primary way to detect CNN model defects. However, in practice, when the model under test is a black-box CNN model without accessible internal information, in some scenarios it is still necessary to generate high-quality test inputs within a limited testing budget. 
In such a new scenario, a potential approach is to generate transferable test inputs by analyzing the internal knowledge of other white-box CNN models similar to the model under test, and then use transferable test inputs to test the black-box CNN model. The main challenge in generating transferable test inputs is how to improve their error-inducing capability for different CNN models without changing the test oracle. We found that different CNN models make predictions based on features of similar important regions in images. Adding targeted perturbations to important regions will generate transferable test inputs with high realism. Therefore, we propose the Interpretable Analysis based Transferable Test Generation method for CNNs (IATT), which employs interpretation methods of CNN models to explain and localize important regions in test inputs, using backpropagation optimizer and perturbation mask process to add targeted perturbations to these important regions, thereby generating transferable test inputs. This process is repeated to iteratively optimize the transferability and realism of the test inputs. To verify the effectiveness of IATT, we perform experimental studies on nine deep learning models, including ResNet-50 and Vit-B/16, and commercial computer vision system Google Cloud Vision, and compared our method with four state-of-the-art baseline methods. Experimental results show that transferable test inputs generated by IATT can effectively cause black-box target models to output incorrect results. Compared to existing testing and adversarial attack methods, the average error-inducing success rate (ESR) in different testing scenarios is 18.1% \(\sim\) 52.7% greater than the baseline methods. 
Additionally, the test inputs generated by IATT achieve high ESR while maintaining high realism.</description><identifier>ISSN: 1049-331X</identifier><identifier>EISSN: 1557-7392</identifier><identifier>DOI: 10.1145/3705301</identifier><language>eng</language><publisher>New York, NY: ACM</publisher><subject>Computing methodologies ; Neural networks ; Software and its engineering ; Software defect analysis ; Software testing and debugging ; Transfer learning</subject><ispartof>ACM transactions on software engineering and methodology, 2024-11</ispartof><rights>Copyright held by the owner/author(s).</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-a841-dbf31af181d2494aa9be98f7128ba3048caa9d1fd094b442880d45e9a62f8b0a3</cites><orcidid>0009-0003-7976-1928 ; 0009-0009-5842-802X ; 0000-0002-1180-3891 ; 0000-0001-9916-4790 ; 0000-0002-5537-9236</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,777,781,27905,27906</link.rule.ids></links><search><creatorcontrib>Xie, Ruilin</creatorcontrib><creatorcontrib>Chen, Xiang</creatorcontrib><creatorcontrib>He, Qifan</creatorcontrib><creatorcontrib>Li, Bixin</creatorcontrib><creatorcontrib>Cui, Zhanqi</creatorcontrib><title>IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks</title><title>ACM transactions on software engineering and methodology</title><addtitle>ACM TOSEM</addtitle><description>Convolutional neural networks (CNNs) have been widely used in various fields. However, it is essential to perform sufficient testing to detect internal defects before deploying CNNs, especially in security-sensitive scenarios. Generating error-inducing inputs to trigger erroneous behavior is the primary way to detect CNN model defects. 
However, in practice, when the model under test is a black-box CNN model without accessible internal information, in some scenarios it is still necessary to generate high-quality test inputs within a limited testing budget. In such a new scenario, a potential approach is to generate transferable test inputs by analyzing the internal knowledge of other white-box CNN models similar to the model under test, and then use transferable test inputs to test the black-box CNN model. The main challenge in generating transferable test inputs is how to improve their error-inducing capability for different CNN models without changing the test oracle. We found that different CNN models make predictions based on features of similar important regions in images. Adding targeted perturbations to important regions will generate transferable test inputs with high realism. Therefore, we propose the Interpretable Analysis based Transferable Test Generation method for CNNs (IATT), which employs interpretation methods of CNN models to explain and localize important regions in test inputs, using backpropagation optimizer and perturbation mask process to add targeted perturbations to these important regions, thereby generating transferable test inputs. This process is repeated to iteratively optimize the transferability and realism of the test inputs. To verify the effectiveness of IATT, we perform experimental studies on nine deep learning models, including ResNet-50 and Vit-B/16, and commercial computer vision system Google Cloud Vision, and compared our method with four state-of-the-art baseline methods. Experimental results show that transferable test inputs generated by IATT can effectively cause black-box target models to output incorrect results. Compared to existing testing and adversarial attack methods, the average error-inducing success rate (ESR) in different testing scenarios is 18.1% \(\sim\) 52.7% greater than the baseline methods. 
Additionally, the test inputs generated by IATT achieve high ESR while maintaining high realism.</description><subject>Computing methodologies</subject><subject>Neural networks</subject><subject>Software and its engineering</subject><subject>Software defect analysis</subject><subject>Software testing and debugging</subject><subject>Transfer learning</subject><issn>1049-331X</issn><issn>1557-7392</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><recordid>eNo9kL1PwzAUxC0EEqUgdiZvTAG_2CE2WxTREqmCJQNb9BzbUiB1KjsF9b8n_YDp7t776YYj5BbYA4DIHnnOMs7gjMwgy_Ik5yo9nzwTKuEcPi7JVYyfjAFnqZgRXRV1_UwrP9qwCXbEsRs8LTz2u9hFqjFaQ-uAPjobUPeW1jaOdGn9FA-sGwItB_899Nt9xp6-2W04yPgzhK94TS4c9tHenHRO6sVLXb4mq_dlVRarBKWAxGjHAR1IMKlQAlFpq6TLIZUaOROynU4GnGFKaCFSKZkRmVX4lDqpGfI5uT_WtmGIMVjXbEK3xrBrgDX7ZZrTMhN5dySxXf9Df89fvzdfCQ</recordid><startdate>20241126</startdate><enddate>20241126</enddate><creator>Xie, Ruilin</creator><creator>Chen, Xiang</creator><creator>He, Qifan</creator><creator>Li, Bixin</creator><creator>Cui, Zhanqi</creator><general>ACM</general><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0009-0003-7976-1928</orcidid><orcidid>https://orcid.org/0009-0009-5842-802X</orcidid><orcidid>https://orcid.org/0000-0002-1180-3891</orcidid><orcidid>https://orcid.org/0000-0001-9916-4790</orcidid><orcidid>https://orcid.org/0000-0002-5537-9236</orcidid></search><sort><creationdate>20241126</creationdate><title>IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks</title><author>Xie, Ruilin ; Chen, Xiang ; He, Qifan ; Li, Bixin ; Cui, Zhanqi</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a841-dbf31af181d2494aa9be98f7128ba3048caa9d1fd094b442880d45e9a62f8b0a3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Computing 
methodologies</topic><topic>Neural networks</topic><topic>Software and its engineering</topic><topic>Software defect analysis</topic><topic>Software testing and debugging</topic><topic>Transfer learning</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Xie, Ruilin</creatorcontrib><creatorcontrib>Chen, Xiang</creatorcontrib><creatorcontrib>He, Qifan</creatorcontrib><creatorcontrib>Li, Bixin</creatorcontrib><creatorcontrib>Cui, Zhanqi</creatorcontrib><collection>CrossRef</collection><jtitle>ACM transactions on software engineering and methodology</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Xie, Ruilin</au><au>Chen, Xiang</au><au>He, Qifan</au><au>Li, Bixin</au><au>Cui, Zhanqi</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks</atitle><jtitle>ACM transactions on software engineering and methodology</jtitle><stitle>ACM TOSEM</stitle><date>2024-11-26</date><risdate>2024</risdate><issn>1049-331X</issn><eissn>1557-7392</eissn><abstract>Convolutional neural networks (CNNs) have been widely used in various fields. However, it is essential to perform sufficient testing to detect internal defects before deploying CNNs, especially in security-sensitive scenarios. Generating error-inducing inputs to trigger erroneous behavior is the primary way to detect CNN model defects. However, in practice, when the model under test is a black-box CNN model without accessible internal information, in some scenarios it is still necessary to generate high-quality test inputs within a limited testing budget. 
In such a new scenario, a potential approach is to generate transferable test inputs by analyzing the internal knowledge of other white-box CNN models similar to the model under test, and then use transferable test inputs to test the black-box CNN model. The main challenge in generating transferable test inputs is how to improve their error-inducing capability for different CNN models without changing the test oracle. We found that different CNN models make predictions based on features of similar important regions in images. Adding targeted perturbations to important regions will generate transferable test inputs with high realism. Therefore, we propose the Interpretable Analysis based Transferable Test Generation method for CNNs (IATT), which employs interpretation methods of CNN models to explain and localize important regions in test inputs, using backpropagation optimizer and perturbation mask process to add targeted perturbations to these important regions, thereby generating transferable test inputs. This process is repeated to iteratively optimize the transferability and realism of the test inputs. To verify the effectiveness of IATT, we perform experimental studies on nine deep learning models, including ResNet-50 and Vit-B/16, and commercial computer vision system Google Cloud Vision, and compared our method with four state-of-the-art baseline methods. Experimental results show that transferable test inputs generated by IATT can effectively cause black-box target models to output incorrect results. Compared to existing testing and adversarial attack methods, the average error-inducing success rate (ESR) in different testing scenarios is 18.1% \(\sim\) 52.7% greater than the baseline methods. 
Additionally, the test inputs generated by IATT achieve high ESR while maintaining high realism.</abstract><cop>New York, NY</cop><pub>ACM</pub><doi>10.1145/3705301</doi><orcidid>https://orcid.org/0009-0003-7976-1928</orcidid><orcidid>https://orcid.org/0009-0009-5842-802X</orcidid><orcidid>https://orcid.org/0000-0002-1180-3891</orcidid><orcidid>https://orcid.org/0000-0001-9916-4790</orcidid><orcidid>https://orcid.org/0000-0002-5537-9236</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 1049-331X
ispartof ACM transactions on software engineering and methodology, 2024-11
issn 1049-331X
1557-7392
language eng
recordid cdi_crossref_primary_10_1145_3705301
source Association for Computing Machinery:Jisc Collections:ACM OPEN Journals 2023-2025 (reading list)
subjects Computing methodologies
Neural networks
Software and its engineering
Software defect analysis
Software testing and debugging
Transfer learning
title IATT: Interpretation Analysis based Transferable Test Generation for Convolutional Neural Networks
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-21T07%3A17%3A40IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-acm_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=IATT:%20Interpretation%20Analysis%20based%20Transferable%20Test%20Generation%20for%20Convolutional%20Neural%20Networks&rft.jtitle=ACM%20transactions%20on%20software%20engineering%20and%20methodology&rft.au=Xie,%20Ruilin&rft.date=2024-11-26&rft.issn=1049-331X&rft.eissn=1557-7392&rft_id=info:doi/10.1145/3705301&rft_dat=%3Cacm_cross%3E3705301%3C/acm_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-a841-dbf31af181d2494aa9be98f7128ba3048caa9d1fd094b442880d45e9a62f8b0a3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true