ML Security PapersLearning-Based Testing for Deep Learning: Enhancing Model Robustness with Adversarial Input Prioritization
Sheikh Md Mushfiqur Rahman , Nasir Eisty
Published on arXiv
2509.23961
Input Manipulation Attack
OWASP ML Top 10 — ML01
Key Finding
The proposed LBT method consistently outperforms coverage-based and confidence-based baselines in prioritizing fault-revealing adversarial inputs and uncovering all potential faults faster across diverse datasets, architectures, and adversarial attack techniques.
Learning-Based Testing (LBT) for adversarial input prioritization
Novel technique introduced
Context: Deep Neural Networks (DNNs) are increasingly deployed in critical applications, where resilience against adversarial inputs is paramount. However, whether coverage-based or confidence-based, existing test prioritization methods often fail to efficiently identify the most fault-revealing inputs, limiting their practical effectiveness. Aims: This project aims to enhance fault detection and model robustness in DNNs by integrating Learning-Based Testing (LBT) with hypothesis and mutation testing to efficiently prioritize adversarial test cases. Methods: Our method selects a subset of adversarial inputs with a high likelihood of exposing model faults, without relying on architecture-specific characteristics or formal verification, making it adaptable across diverse DNNs. Results: Our results demonstrate that the proposed LBT method consistently surpasses baseline approaches in prioritizing fault-revealing inputs and accelerating fault detection. By efficiently organizing test permutations, it uncovers all potential faults significantly faster across various datasets, model architectures, and adversarial attack techniques. Conclusion: Beyond improving fault detection, our method preserves input diversity and provides effective guidance for model retraining, further enhancing robustness. These advantages establish our approach as a powerful and practical solution for adversarial test prioritization in real-world DNN applications.
Key Contributions
- An LBT-based adversarial test prioritization method that selects fault-revealing inputs without requiring access to model internals or architecture-specific knowledge
- Integration of hypothesis and mutation testing into the adversarial input selection loop to accelerate fault detection across diverse DNN architectures
- Retraining guidance derived from prioritized adversarial inputs that preserves input diversity while enhancing model robustness
🛡️ Threat Analysis
The paper's primary goal is improving DNN robustness against adversarial inputs — the LBT method selects the most fault-revealing adversarial test cases and provides retraining guidance, making it a defense-oriented adversarial testing methodology targeting inference-time input manipulation threats.