Despite their unprecedented success, DNNs are notoriously fragile to small shifts in data distribution, demanding effective testing techniques that can assess their dependability. Although DNN testing has advanced recently, there is a lack of systematic testing approaches that assess a DNN's capability to generalise and operate comparably beyond data in its training distribution. We address this gap with DeepKnowledge, a systematic testing methodology for DNN-based systems founded on the theory of knowledge generalisation, which aims to enhance DNN robustness and reduce the residual risk of 'black box' models. Conforming to this theory, DeepKnowledge posits that core computational DNN units, termed Transfer Knowledge neurons, can generalise under domain shift. DeepKnowledge provides an objective confidence measurement on the testing activities of a DNN given data distribution shifts, and uses this information to instrument a generalisation-informed test adequacy criterion that checks the transfer knowledge capacity of a test set. Our empirical evaluation of several DNNs, across multiple datasets and state-of-the-art adversarial generation techniques, demonstrates the usefulness and effectiveness of DeepKnowledge and its ability to support the engineering of more dependable DNNs. We report improvements of up to 10 percentage points over state-of-the-art coverage criteria for detecting adversarial attacks on several benchmarks, including MNIST, SVHN, and CIFAR.