TY - GEN
T1 - Neural Networks, Secure by Construction
T2 - 18th Asian Symposium on Programming Languages and Systems 2020
AU - Kokke, Wen
AU - Komendantskaya, Ekaterina
AU - Kienitz, Daniel
AU - Atkey, Robert
AU - Aspinall, David
PY - 2020/11/24
Y1 - 2020/11/24
N2 - We present StarChild and Lazuli, two libraries which leverage refinement types to verify neural networks, implemented in F∗ and Liquid Haskell. Refinement types are types augmented, or refined, with assertions about values of that type,“integers greater than five”, which are checked by an SMT solver. Crucially, these assertions are written in the language itself. A user of our library can refine the type of neural networks,“neural networks which are robust against adversarial attacks”, and expect F∗ to handle the verification of this claim for any specific network, without having to change the representation of the network, or even having to learn about SMT solvers. Our initial experiments indicate that our approach could greatly reduce the burden of verifying neural networks. Unfortunately, they also show that SMT solvers do not scale to the sizes required for neural network verification.
AB - We present StarChild and Lazuli, two libraries which leverage refinement types to verify neural networks, implemented in F∗ and Liquid Haskell. Refinement types are types augmented, or refined, with assertions about values of that type,“integers greater than five”, which are checked by an SMT solver. Crucially, these assertions are written in the language itself. A user of our library can refine the type of neural networks,“neural networks which are robust against adversarial attacks”, and expect F∗ to handle the verification of this claim for any specific network, without having to change the representation of the network, or even having to learn about SMT solvers. Our initial experiments indicate that our approach could greatly reduce the burden of verifying neural networks. Unfortunately, they also show that SMT solvers do not scale to the sizes required for neural network verification.
KW - Neural networks
KW - Refinement types
KW - Verification
UR - http://www.scopus.com/inward/record.url?scp=85097643261&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-64437-6_4
DO - 10.1007/978-3-030-64437-6_4
M3 - Conference contribution
AN - SCOPUS:85097643261
SN - 9783030644369
T3 - Lecture Notes in Computer Science
SP - 67
EP - 85
BT - Programming Languages and Systems. APLAS 2020
A2 - Oliveira, Bruno C.
PB - Springer
Y2 - 30 November 2020 through 2 December 2020
ER -