Deep Neural Networks (DNNs) are becoming a crucial component of modern software systems, but they are prone to fail under conditions that are different from the ones observed during training (out-of-distribution inputs) or on inputs that are truly ambiguous, i.e., inputs that admit multiple classes with nonzero probability in their labels. Recent work proposed DNN supervisors to detect high-uncertainty inputs before their possible misclassification leads to any harm. To test and compare the capabilities of DNN supervisors, researchers proposed test generation techniques, to focus the testing effort on high-uncertainty inputs that should be recognized as anomalous by supervisors. However, existing test generators aim to produce out-of-distribution inputs. No existing model- and supervisor independent technique targets the generation of truly ambiguous test inputs, i.e., inputs that admit multiple classes according to expert human judgment. In this paper, we propose a novel way to generate ambiguous inputs to test DNN supervisors and used it to empirically compare several existing supervisor techniques. In particular, we propose AmbiGuess to generate ambiguous samples for image classification problems. AmbiGuess is based on gradient-guided sampling in the latent space of a regularized adversarial autoencoder. Moreover, we conducted what is -- to the best of our knowledge -- the most extensive comparative study of DNN supervisors, considering their capabilities to detect 4 distinct types of high-uncertainty inputs, including truly ambiguous ones. We find that the tested supervisors' capabilities are complementary: Those best suited to detect true ambiguity perform worse on invalid, out-of-distribution and adversarial inputs and vice-versa.

翻译：深度神经网络（DNN）正成为现代软件系统的关键组成部分，但在训练数据分布之外（分布外输入）或面对真正存在歧义的输入（即标签中多个类别具有非零概率的输入）时，它们容易出错。近期研究提出通过DNN监督器在输入可能被错误分类并造成危害之前检测高不确定性输入。为测试和比较DNN监督器的能力，研究人员提出了测试生成技术，以聚焦于那些监督器应识别为异常的高不确定性输入。然而，现有测试生成器旨在生成分布外输入，尚无模型无关且监督器无关的技术能针对生成真正歧义的测试输入（即根据专家判断可归属于多个类别的输入）。本文提出一种生成歧义输入以测试DNN监督器的新方法，并基于此对多种现有监督技术进行实证比较。具体而言，我们提出AmbiGuess方法生成图像分类问题的歧义样本。该方法基于正则化对抗自编码器潜在空间中的梯度引导采样。此外，我们开展了迄今最全面的DNN监督器对比研究，评估其检测四种不同类型高不确定性输入（包括真正歧义输入）的能力。研究发现，所测试监督器的能力具有互补性：最擅长检测真正歧义输入的监督器在检测无效输入、分布外输入和对抗性输入时表现较差，反之亦然。