Evaluating the behavioral boundaries of deep learning (DL) systems is crucial for understanding their reliability across diverse, unseen inputs. Existing solutions fall short as they rely on untargeted, random perturbations with limited controlled input variations. In this work, we introduce Mimicry, a novel black-box test generator for fine-grained, targeted exploration of DL system boundaries. Mimicry performs boundary testing by leveraging the probabilistic nature of DL outputs to identify promising directions for exploration. By using style-based GANs to disentangle inputs into content and style components, Mimicry generates boundary test inputs by mimicking features from both source and target classes. We evaluated Mimicry’s effectiveness in generating boundary inputs for five DL image classification systems, comparing it to two baselines from the literature. Our results show that Mimicry consistently identifies inputs up to 25× closer to the theoretical decision boundary, outperforming the baselines with statistical significance. Moreover, it generates semantically meaningful boundary test cases that reveal new functional misbehaviors, while the baselines mostly produce corrupted or invalid inputs. Thanks to its enhanced control over latent space manipulations, Mimicry remains effective as dataset complexity grows, resulting in a up to 36% higher validity rate and competitive diversity, as supported by a comprehensive human assessment.
Targeted Deep Learning System Boundary Testing
Vincenzo Riccio;Andrea Stocco
2025-01-01
Abstract
Evaluating the behavioral boundaries of deep learning (DL) systems is crucial for understanding their reliability across diverse, unseen inputs. Existing solutions fall short as they rely on untargeted, random perturbations with limited controlled input variations. In this work, we introduce Mimicry, a novel black-box test generator for fine-grained, targeted exploration of DL system boundaries. Mimicry performs boundary testing by leveraging the probabilistic nature of DL outputs to identify promising directions for exploration. By using style-based GANs to disentangle inputs into content and style components, Mimicry generates boundary test inputs by mimicking features from both source and target classes. We evaluated Mimicry’s effectiveness in generating boundary inputs for five DL image classification systems, comparing it to two baselines from the literature. Our results show that Mimicry consistently identifies inputs up to 25× closer to the theoretical decision boundary, outperforming the baselines with statistical significance. Moreover, it generates semantically meaningful boundary test cases that reveal new functional misbehaviors, while the baselines mostly produce corrupted or invalid inputs. Thanks to its enhanced control over latent space manipulations, Mimicry remains effective as dataset complexity grows, resulting in a up to 36% higher validity rate and competitive diversity, as supported by a comprehensive human assessment.| File | Dimensione | Formato | |
|---|---|---|---|
|
3771557.pdf
non disponibili
Tipologia:
Versione Editoriale (PDF)
Licenza:
Non pubblico
Dimensione
2.31 MB
Formato
Adobe PDF
|
2.31 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
