Code for the paper Exploiting Verified Neural Networks via Floating Point Numerical Error.
- Prepare the requirements: python >= 3.8, numpy, pytorch, cython and opencv. Julia and MIPVerify are also required. You may need my fork of MIPVerify unless the pull request is merged.
- Train the MNIST and CIFAR10 models and get the verification results following the instructions given in relu_stable. Note that the original repo only contains an MNIST model. You can apply the patches in relu_stable_patch to reproduce the training step. I have also included pre-trained model weights and verification results in data so this step can be skipped.
- Run the scripts step0_find_edge_input.sh, step1_find_edge_model.sh, and step2_attack.sh or attack_parallel.sh to reproduce the results. Please read the scripts to get a basic understanding of what they are doing.
Attack logs and adversarial images for the experiments reported in the paper are available in result. Run python -m realadv view_attack to view adversarial images.
@inproceedings{jia2021exploiting,
author="Jia, Kai and Rinard, Martin",
editor="Dr{\u{a}}goi, Cezara and Mukherjee, Suvam and Namjoshi, Kedar",
title="Exploiting Verified Neural Networks via Floating Point Numerical Error",
booktitle="Static Analysis",
year="2021",
publisher="Springer International Publishing",
address="Cham",
pages="191--205",
isbn="978-3-030-88806-0"
}