Abstract
Machine Learning (ML) systems such as Convolutional Neural Networks (CNNs) are susceptible to adversarial scenarios. In these scenarios, an attacker attempts to manipulate or deceive a machine learning model by providing malicious input that results in incorrect predictions or decisions, which can have severe consequences in security, healthcare, and finance applications. Failures in the ML algorithm can lead to failures in the application domain and in the system to which it provides functionality, which may have performance requirements; hence the need for software reliability and resilience assessment. Many studies propose enhanced techniques to improve the robustness and resilience of ML algorithms, yet very few provide quantitative methods that support risk assessment or measure progress toward improvements in such systems. This research demonstrates the applicability of software reliability and resilience tools to ML algorithms, providing an objective approach to assess reliability and resilience recovery after a degradation caused by known adversarial attacks. An image classification model using CNNs was created as the target of two generative adversarial attacks: (i) the Fast Gradient Sign Method and (ii) Projected Gradient Descent. The classifier and the adversarial attacks were used in a min-max game scenario to replicate incremental learning and adaptive adversarial training, minimizing/maximizing the number of failures of the classification algorithm. Model-generated data was collected and prepared in a format suitable for software reliability growth models (SRGMs) with and without covariates and for resilience models, including failure counts, memory usage, and the intensity of the noise added by the attacks. Our results suggest that tools incorporating SRGMs and resilience techniques are suitable for quantifying and predicting the resilience and reliability of ML models and may find practical use in the many domains in which these models are applied.
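The abstract describes collecting per-round failure counts of the classifier under adaptive adversarial training and feeding them to a software reliability growth model. The following is an added illustration, not code from the paper, of what that quantitative step looks like: a Goel-Okumoto NHPP model (one common SRGM; the paper does not say which models it used) fitted by maximum likelihood to grouped failure counts, then used to estimate the remaining expected failures and the number of failures expected in the next training round. The failure counts are constructed sample data, not results from the paper.

```python
import math

# Constructed sample data (NOT from the paper): number of classifier failures
# (misclassified adversarially perturbed test images) observed in each of ten
# consecutive rounds of adaptive adversarial training.
FAILURES_PER_ROUND = [120, 95, 70, 52, 40, 30, 22, 17, 13, 10]


def goel_okumoto_mean(a, b, t):
    """Mean value function m(t) = a * (1 - exp(-b t)).

    a: expected total number of failures eventually observed
    b: per-round failure detection rate
    t: number of training rounds completed
    """
    return a * (1.0 - math.exp(-b * t))


def grouped_log_likelihood(a, b, counts):
    """Poisson log-likelihood of grouped counts under an NHPP with mean m(t).

    counts[i] is the number of failures observed in the interval (i, i+1].
    """
    ll = 0.0
    for i, n in enumerate(counts):
        expected = goel_okumoto_mean(a, b, i + 1) - goel_okumoto_mean(a, b, i)
        if expected <= 0.0:
            return float("-inf")
        ll += n * math.log(expected) - expected - math.lgamma(n + 1)
    return ll


def fit_goel_okumoto(counts):
    """Maximum-likelihood fit of (a, b) to grouped failure counts.

    For a fixed b the MLE of a has the closed form a = N / (1 - exp(-b T)),
    where N is the total observed failures and T the number of rounds, so
    only a one-dimensional search over b is needed. A coarse grid search is
    refined twice around the best point.
    Returns (a, b, log_likelihood).
    """
    T = len(counts)
    N = sum(counts)
    best = None
    lo, hi = 1e-3, 5.0
    for _ in range(3):
        step = (hi - lo) / 200.0
        for k in range(201):
            b = lo + k * step
            a = N / (1.0 - math.exp(-b * T))
            ll = grouped_log_likelihood(a, b, counts)
            if best is None or ll > best[2]:
                best = (a, b, ll)
        lo = max(1e-4, best[1] - step)
        hi = best[1] + step
    return best


def fitted_cumulative(a, b, T):
    """Model-predicted cumulative failures after each of rounds 1..T."""
    return [goel_okumoto_mean(a, b, t) for t in range(1, T + 1)]


def remaining_failures(a, b, T):
    """Expected failures still to be surfaced after T rounds: a - m(T)."""
    return a - goel_okumoto_mean(a, b, T)


def predicted_next_round(a, b, T):
    """Expected failures in round T+1, i.e. m(T+1) - m(T)."""
    return goel_okumoto_mean(a, b, T + 1) - goel_okumoto_mean(a, b, T)


def reliability_next_rounds(a, b, T, x):
    """Probability of observing no failure in the next x rounds: exp(-(m(T+x) - m(T)))."""
    return math.exp(-(goel_okumoto_mean(a, b, T + x) - goel_okumoto_mean(a, b, T)))


if __name__ == "__main__":
    a, b, ll = fit_goel_okumoto(FAILURES_PER_ROUND)
    T = len(FAILURES_PER_ROUND)
    observed_cum = [sum(FAILURES_PER_ROUND[: i + 1]) for i in range(T)]
    print(f"fitted a = {a:.1f}, b = {b:.3f}, log-likelihood = {ll:.2f}")
    for t, (obs, fit) in enumerate(zip(observed_cum, fitted_cumulative(a, b, T)), 1):
        print(f"round {t:2d}: observed cumulative {obs:4d}, fitted {fit:7.1f}")
    print(f"expected remaining failures: {remaining_failures(a, b, T):.1f}")
    print(f"expected failures next round: {predicted_next_round(a, b, T):.1f}")
```

The same fit can be repeated after each training round; a rising estimate of a or a falling estimate of b between rounds signals that the adaptive attacker is surfacing failures faster than the retraining removes them, which is the kind of degradation-and-recovery signal the abstract's resilience models are meant to quantify.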