Evaluating the behavioral boundaries of deep learning (DL) systems is crucial for understanding their reliability across diverse, unseen inputs. Existing solutions fall short as they rely on untargeted random, model- or latent-based perturbations, due to difficulties in generating controlled input variations. In this work, we introduce Mimicry, a novel black-box test generator for fine-grained, targeted exploration of DL system boundaries. Mimicry performs boundary testing by leveraging the probabilistic nature of DL outputs to identify promising directions for exploration. It uses style-based GANs to disentangle input representations into content and style components, enabling controlled feature mixing to approximate the decision boundary. We evaluated Mimicry's effectiveness in generating boundary inputs for five widely used DL image classification systems of increasing complexity, comparing it to two baseline approaches. Our results show that Mimicry consistently identifies inputs closer to the decision boundary. It generates semantically meaningful boundary test cases that reveal new functional (mis)behaviors, while the baselines produce mainly corrupted or invalid inputs. Thanks to its enhanced control over latent space manipulations, Mimicry remains effective as dataset complexity increases, maintaining competitive diversity and higher validity rates, confirmed by human assessors.
翻译:评估深度学习(DL)系统的行为边界对于理解其在多样化未见输入上的可靠性至关重要。现有方法因难以生成受控的输入变化,而依赖于非定向的随机、模型或潜在空间扰动,存在明显不足。本研究提出Mimicry,一种新颖的黑盒测试生成器,用于对深度学习系统边界进行细粒度的定向探索。Mimicry利用深度学习输出的概率特性识别有前景的探索方向,从而实现边界测试。该方法采用基于风格的生成对抗网络(GANs)将输入表征解耦为内容与风格分量,通过受控的特征混合逼近决策边界。我们在五个复杂度递增的广泛使用的深度学习图像分类系统上评估了Mimicry生成边界输入的有效性,并与两种基线方法进行比较。结果表明,Mimicry能持续生成更接近决策边界的输入,产生语义清晰的边界测试用例以揭示新的功能(错误)行为,而基线方法主要生成损坏或无效的输入。得益于对潜在空间操作增强的调控能力,Mimicry在数据集复杂度增加时仍保持有效性,维持了有竞争力的多样性和更高的有效性率,这已通过人工评估得到验证。
相关内容
微信扫码咨询专知VIP会员