Int J Performability Eng ›› 2019, Vol. 15 ›› Issue (10): 2675-2682.doi: 10.23940/ijpe.19.10.p13.26752682

• Orginal Article • Previous Articles     Next Articles

FDFuzz: Applying Feature Detection to Fuzz Deep Learning Systems

Jie Wangab*, Kefan Caob, Chunrong Fangb, and Jinxin Chenb   

  1. aMaanshan Teacher's College, Maanshan, 243000, China
    bThe State Key Laboratory of Novel Software Technology, Nanjing University, Nanjing, 210000, China
  • Submitted on ; Revised on ; Accepted on
  • Contact: Wang Jie
  • About author:

    * Corresponding author. E-mail address:

  • Supported by:
    This research was supported by the National Natural Science Foundation of China (No 61802171, 61772014), the Excellent Youth Talent Support Project of University of Anhui in 2017 (No gxyq2017242), the Fundamental Research Funds for the Central Universities (No 021714380017), and the Open Foundation of State Key Laboratory for Novel Software Technology in Nanjing University (No ZZKT2017B09)

Abstract:

In the past years, many resources have been allocated to research on deep learning networks for better classification and recognition. These models have higher accuracy and wider application contexts, but the weakness of easily being attacked by adversarial examples has raised our concern. It is widely acknowledged that the reliability of many safety-critical systems must be confirmed. However, not all systems have sufficient robustness, which makes it necessary to test these models before going into service. In this work, we introduce FDFuzz, an automated fuzzing technique that exposes incorrect behaviors of neural networks. Under the guidance of the neuron coverage metric, the fuzzing process aims to find those examples to let the network make mistakes via mutating inputs, which are then correctly classified. FDFuzz employs a feature detection technique to analyze input images and improve the efficiency of mutation by features of keypoints. Compared with TensorFuzz, the state-of-the-art open source library for neural network testing, FDFuzz demonstrates higher efficiency in generating adversarial examples and makes better use of elements in corpus. Although our mutation function consumes more time to generate new elements, it can generate 250% more adversarial examples and save testing time.

Key words: neuron network, machine learning, adversarial examples, fuzzing