Abstract
Deep neural networks (DNNs) are susceptible to adversarial attacks that add perturbations to the input data, leading to misclassification errors and causing machine-learning systems to fail. For defense, adversarial training leverages possible crashing inputs, i.e., adversarial examples; however, the input space of DNNs is enormous and high-dimensional, making it difficult to find such inputs across a wide range. Coverage-guided fuzzing is promising in this respect. However, this leaves the question of what coverage metrics are appropriate for DNNs. We observed that the abilities of existing coverage metrics are limited. They lack gradual guidance toward crashes because they simply search for a wide neuron activation area. None of the existing approaches can simultaneously achieve high crash quantity, high crash diversity, and efficient fuzzing time. Apart from this, the evaluation methodologies adopted by state-of-the-art fuzzers need rigorous improvements. To address these problems, we present a new DNN fuzzer named GradFuzz. Our idea is the gradient vector coverage, which provides gradual guidance to misclassified categories. We implemented our system and performed experiments under rigorous evaluation methodologies. Our evaluation results indicate that GradFuzz outperforms state-of-the-art DNN fuzzers: GradFuzz can locate a more diverse set of errors, beneficial to adversarial training, on the MNIST and CIFAR-10 datasets without sacrificing either crash quantity or fuzzing efficiency.
Original language | English |
---|---|
Pages (from-to) | 165-180 |
Number of pages | 16 |
Journal | Neurocomputing |
Volume | 522 |
DOIs | |
Publication status | Published - 2023 Feb 14 |
Bibliographical note
Funding Information: This work was supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. NRF-2019R1A2C1088802) and by Institute for Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2018–0-00513, Machine Learning Based Automation of Vulnerability Detection on Unix-based Kernel). The authors thank Prof. Lei Ma for sharing his DeepHunter code to foster this study. Prof. Kwon conducted a part of this study during his sabbatical visit at Prof. Gene Tsudik’s Lab, UC Irvine, CA, USA (2019–2020), and he thanks Prof. Tsudik for the support.
Publisher Copyright:
© 2022 Elsevier B.V.
All Science Journal Classification (ASJC) codes
- Computer Science Applications
- Cognitive Neuroscience
- Artificial Intelligence