Quality Guarantees for Autoencoders via Unsupervised Adversarial Attacks

  • Conference paper
Machine Learning and Knowledge Discovery in Databases (ECML PKDD 2020)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 12458)

Abstract

Autoencoders are an essential concept in unsupervised learning. Currently, the quality of autoencoders is assessed either internally (e.g., based on mean square error) or externally (e.g., by classification performance). Yet, it is not possible to prove that autoencoders generalize beyond the finite training data, and hence they are not reliable for safety-critical applications that require formal guarantees for unseen data as well.

To address this issue, we propose the first framework to bound the worst-case error of an autoencoder within a safety-critical region of an infinite value domain, as well as the definition of unsupervised adversarial examples that cause such worst-case errors. Technically, our framework reduces the infinite search space for a uniform error bound to checking satisfiability of logical formulas in Linear Real Arithmetic. This allows us to leverage highly-optimized SMT solvers, a strategy that is very successful in the context of deductive software verification. We demonstrate our ability to find unsupervised adversarial examples as well as formal quality guarantees both on synthetic and real-world data.
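
As an added illustration (not code from the paper or its QUGA repository), the sketch below computes an exact worst-case reconstruction error and the input that causes it, the abstract's unsupervised adversarial example, for a constructed two-input ReLU autoencoder over a box region. It swaps the SMT solver for exhaustive vertex enumeration over the network's linear pieces, which is exact only under the assumptions made here: two inputs, one hidden ReLU layer, a linear decoder and the L-infinity error. The weights and all function names are hypothetical.

```python
from fractions import Fraction as F
from itertools import combinations

# Constructed toy autoencoder (not from the paper): 2 inputs -> 1 ReLU unit -> 2 linear outputs.
W_ENC, B_ENC = [(F(1, 2), F(1, 2))], [F(-1, 4)]           # one row per hidden unit
W_DEC, B_DEC = [(F(1),), (F(1, 2),)], [F(1, 4), F(1, 4)]  # one row per output

def autoencode(x):
    h = [max(F(0), sum(w * xi for w, xi in zip(row, x)) + b)
         for row, b in zip(W_ENC, B_ENC)]
    return [sum(v * hj for v, hj in zip(row, h)) + c
            for row, c in zip(W_DEC, B_DEC)]

def error(x):
    # L-infinity reconstruction error (assumed norm; keeps every constraint linear)
    return max(abs(xi - yi) for xi, yi in zip(x, autoencode(x)))

def worst_case(lo, hi):
    """Exact max error over the box [lo, hi]^2 and an input attaining it."""
    # Lines a1*x1 + a2*x2 = c: the four box edges plus each ReLU's switching line.
    lines = [(F(1), F(0), F(lo)), (F(1), F(0), F(hi)),
             (F(0), F(1), F(lo)), (F(0), F(1), F(hi))]
    lines += [(w[0], w[1], -b) for w, b in zip(W_ENC, B_ENC)]
    best = (F(-1), None)
    # On each cell cut out by these lines the network is affine, so the error is
    # convex there and its maximum sits at a cell vertex (an intersection of two lines).
    for (a1, a2, c), (d1, d2, e) in combinations(lines, 2):
        det = a1 * d2 - a2 * d1
        if det == 0:
            continue  # parallel lines, no vertex
        x = ((c * d2 - a2 * e) / det, (a1 * e - c * d1) / det)  # Cramer's rule
        if all(lo <= xi <= hi for xi in x) and error(x) > best[0]:
            best = (error(x), x)
    return best

def certified(lo, hi, eps):
    """True iff no input in the box reconstructs with error above eps."""
    return worst_case(lo, hi)[0] <= eps

if __name__ == "__main__":
    print(worst_case(0, 1))          # worst-case error and its witness input
    print(certified(0, 1, F(1, 2)))  # does the bound eps = 1/2 hold on the box?
```

The witness returned by `worst_case` is a counterexample to any bound smaller than the reported error, which is the role a satisfying assignment plays when the same question is posed to an SMT solver.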

Notes

  1. https://github.com/KDD-OpenSource/QUGA

Corresponding author

Correspondence to Benedikt Böing.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Böing, B., Roy, R., Müller, E., Neider, D. (2021). Quality Guarantees for Autoencoders via Unsupervised Adversarial Attacks. In: Hutter, F., Kersting, K., Lijffijt, J., Valera, I. (eds) Machine Learning and Knowledge Discovery in Databases. ECML PKDD 2020. Lecture Notes in Computer Science, vol 12458. Springer, Cham. https://doi.org/10.1007/978-3-030-67661-2_13

  • DOI: https://doi.org/10.1007/978-3-030-67661-2_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-67660-5

  • Online ISBN: 978-3-030-67661-2

  • eBook Packages: Computer Science (R0)
