Adversities in Abstract Interpretation: Accommodating Robustness by Abstract Interpretation: ACM Transactions on Programming Languages and Systems: Vol 0, No ja

IF 1.5 2区 计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING ACM Transactions on Programming Languages and Systems Pub Date : 2024-02-24 DOI:10.1145/3649309
Roberto Giacobazzi, Isabella Mastroeni, Elia Perantoni
{"title":"Adversities in Abstract Interpretation: Accommodating Robustness by Abstract Interpretation: ACM Transactions on Programming Languages and Systems: Vol 0, No ja","authors":"Roberto Giacobazzi, Isabella Mastroeni, Elia Perantoni","doi":"10.1145/3649309","DOIUrl":null,"url":null,"abstract":"<p>Robustness is a key and desirable property of any classifying system, in particular, to avoid the ever-rising threat of adversarial attacks. Informally, a classification system is robust when the result is not affected by the perturbation of the input. This notion has been extensively studied, but little attention has been dedicated to <i>how</i> the perturbation affects the classification. The interference between perturbation and classification can manifest in many different ways, and its understanding is the main contribution of the present paper. Starting from a rigorous definition of a standard notion of robustness, we build a formal method for accommodating the required degree of robustness — depending on the amount of error the analyst may accept on the classification result. Our idea is to precisely model this error as an <i>abstraction</i>. This leads us to define weakened forms of robustness also in the context of programming languages, particularly in language-based security — e.g., information-flow policies — and in program verification. The latter is possible by moving from a quantitative (standard) model of perturbation to a novel <i>qualitative</i> model, given by means of the notion of abstraction. As in language-based security, we show that it is possible to confine adversities, which means to characterize the degree of perturbation (and/or the degree of class generalization) for which the classifier may be deemed <i>adequately</i> robust. We conclude with an experimental evaluation of our ideas, showing how weakened forms of robustness apply to state-of-the-art image classifiers.</p>","PeriodicalId":50939,"journal":{"name":"ACM Transactions on Programming Languages and Systems","volume":"22 1","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2024-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Programming Languages and Systems","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3649309","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0

Abstract

Robustness is a key and desirable property of any classifying system, in particular, to avoid the ever-rising threat of adversarial attacks. Informally, a classification system is robust when the result is not affected by the perturbation of the input. This notion has been extensively studied, but little attention has been dedicated to how the perturbation affects the classification. The interference between perturbation and classification can manifest in many different ways, and its understanding is the main contribution of the present paper. Starting from a rigorous definition of a standard notion of robustness, we build a formal method for accommodating the required degree of robustness — depending on the amount of error the analyst may accept on the classification result. Our idea is to precisely model this error as an abstraction. This leads us to define weakened forms of robustness also in the context of programming languages, particularly in language-based security — e.g., information-flow policies — and in program verification. The latter is possible by moving from a quantitative (standard) model of perturbation to a novel qualitative model, given by means of the notion of abstraction. As in language-based security, we show that it is possible to confine adversities, which means to characterize the degree of perturbation (and/or the degree of class generalization) for which the classifier may be deemed adequately robust. We conclude with an experimental evaluation of our ideas, showing how weakened forms of robustness apply to state-of-the-art image classifiers.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
抽象阐释中的逆境:通过抽象解释适应鲁棒性》:ACM 编程语言与系统论文集》:Vol 0, No ja
鲁棒性是任何分类系统的关键和理想特性,尤其是为了避免不断增加的对抗性攻击威胁。非正式地讲,当结果不受输入扰动的影响时,分类系统就是稳健的。这一概念已被广泛研究,但很少有人关注扰动如何影响分类。扰动和分类之间的干扰可以通过多种不同的方式表现出来,理解这种干扰是本文的主要贡献。我们从稳健性标准概念的严格定义出发,根据分析师对分类结果可接受的误差量,建立了一种正式的方法来适应所需的稳健性程度。我们的想法是将这种误差作为抽象概念进行精确建模。这使我们在编程语言的背景下,特别是在基于语言的安全(如信息流策略)和程序验证中,也能定义鲁棒性的弱化形式。后者可以通过抽象概念,从扰动的定量(标准)模型转向新的定性模型。正如在基于语言的安全领域一样,我们证明有可能限制逆境,这意味着可以确定分类器的扰动程度(和/或类别泛化程度),并认为分类器具有足够的鲁棒性。最后,我们对我们的想法进行了实验评估,展示了弱化形式的鲁棒性如何应用于最先进的图像分类器。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
ACM Transactions on Programming Languages and Systems
ACM Transactions on Programming Languages and Systems 工程技术-计算机:软件工程
CiteScore
3.10
自引率
7.70%
发文量
28
审稿时长
>12 weeks
期刊介绍: ACM Transactions on Programming Languages and Systems (TOPLAS) is the premier journal for reporting recent research advances in the areas of programming languages, and systems to assist the task of programming. Papers can be either theoretical or experimental in style, but in either case, they must contain innovative and novel content that advances the state of the art of programming languages and systems. We also invite strictly experimental papers that compare existing approaches, as well as tutorial and survey papers. The scope of TOPLAS includes, but is not limited to, the following subjects: language design for sequential and parallel programming programming language implementation programming language semantics compilers and interpreters runtime systems for program execution storage allocation and garbage collection languages and methods for writing program specifications languages and methods for secure and reliable programs testing and verification of programs
期刊最新文献
Proving Correctness of Parallel Implementations of Transition System Models CFLOBDDs: Context-Free-Language Ordered Binary Decision Diagrams Adversities in Abstract Interpretation: Accommodating Robustness by Abstract Interpretation: ACM Transactions on Programming Languages and Systems: Vol 0, No ja Homeostasis: Design and Implementation of a Self-Stabilizing Compiler Locally Abstract, Globally Concrete Semantics of Concurrent Programming Languages
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1