Methods for Formal Verification of Artificial Neural Networks: A Review of Existing Approaches

Ekaterina Stroeva, Aleksey Tonkikh


Among recent publications containing an overview and systematization of  algorithms for formal verification of neural networks, a classification of algorithms is  proposed which is based on three following properties: reachability, optimization,  and search. Reachability-based methods select data from a range of  input values based on predefined constraints on the input values, and approximate  this set using symbolic mathematical constructs. The main problem of this approach  is overapproximation, i.e., the output set is too wide. Another big  problem is preservation of linearity after applying the ReLU activation function,  which is necessary for applying the backpropagation algorithm. In present article we  analyze, compare, and sistemathize mathematical constructions and attempts  to approximate the point data by flat continuous sets with the least possible  approximation. We also discuss the most effective methods of solving the problem  of applying the ReLU activation function to symbolic elements.

Full Text:

PDF (Russian)


Nnv: The neural network verification tool for deep neural networks and learning-enabled cyber-physical systems / Hoang-Dung Tran, Xiaodong Yang, Diego Manzanas Lopez et al. — 2020. — URL:

Muhammad Shafique Mahum Naseer Theocharis Theocharides. Robust Machine Learning Systems: Challenges,Current Trends, Perspectives, and the Road Ahead. — 2020. — . — URL: https://ieeexplore.

Safety verification of deep neural networks / Xiaowei Huang, Marta Kwiatkowska, Sen Wang, Min Wu. — 2016. — URL: https: //

Ehlers Ruediger. Formal verification of piece-wise linear feed-forward neural networks. — 2017. — URL:

Shriver David, Elbaum Sebastian, Dwyer Matthew B. Dnnv: A framework for deep neural network verification. — 2021. — URL:

Verification of deep convolutional neural networks using imagestars / Hoang-Dung Tran, Stanley Bak, Weiming Xiang, Taylor T. Johnson. — 2020. — URL:

Tjeng Vincent, Xiao Kai, Tedrake Russ. Evaluating robustness of neural networks with mixed integer programming. — 2017. — URL:

A dual approach to scalable verification of deep networks / Krishnamurthy, Dvijotham, Robert Stanforth et al. — 2018. — URL:

Boosting robustness certification of neural networks / Gagandeep Singh, Timon Gehr, Markus Püschel, Martin Vechev // International Conference on Learning Representations. — 2019. — URL:

Xiang Weiming, Tran Hoang-Dung, Johnson Taylor T. Specificationguided safety verification for feedforward neural networks. — 2018. — URL:

Formal security analysis of neural networks using symbolic intervals / Shiqi Wang, Kexin Pei, Justin Whitehouse et al. — 2018. — URL:

Efficient formal safety analysis of neural networks / Shiqi Wang, Kexin Pei, Justin Whitehouse et al. — 2018. — URL: https://arxiv.


Timon Gehr Matthew Mirman Dana Drachsler-Cohen. AI2: Safety and Robustness Certification of Neural networks with Abstract Interpretation.

— 2018. — URL:

Ghorbal Khalil, Goubault Eric, Putot Sylvie. The zonotope abstract domain taylor1+. — 2009. — URL: 10.1007/978-3-642-02658-4_47#chapter-info.

Fast and effective robustness certification / Gagandeep Singh, Timon Gehr, Matthew Mirman et al. // Advances in Neural Information Processing Systems / Ed. by S. Bengio, H. Wallach, H. Larochelle et al. — Vol. 31. — Curran Associates, Inc., 2018. — URL: f2f446980d8e971ef3da97af089481c3-Paper.pdf.

Duggirala Parasara Sridhar, Viswanathan Mahesh. Parsimonious, simulation based verification of linear systems. — 2016. — URL: https:


Optimization and abstraction: a synergistic approach for analyzing neural network robustness / Greg Anderson, Shankara Pailoor, Isil Dillig, Swarat Chaudhuri. — ACM, 2019. — jun. — URL:

Improved geometric path enumeration for verifying relu neural networks / Stanley Bak, Hoang-Dung Tran, Kerianne Hobbs, Taylor

T. Johnson. — 2020. — URL: 10.1007/978-3-030-53288-8_4.

Namiot Dmitry Eugene Ilyushin, Pilipenko Oleg. On trusted ai platforms. — 2022. — URL:

Namiot Dmitry Eugene Ilyushin, Chizhov Ivan. Attacks on machine learning systems-common problems and methods. — 2022. — URL:

Dmitry Namiot, Ilyushin Eugene. Generative models in machine learning. — 2022. — URL:

Iskusstvennyj intellekt v kiberbezopasnosti. — Provereno: 08.08.2022. — URL:


  • There are currently no refbacks.

Abava  Кибербезопасность MoNeTec 2024

ISSN: 2307-8162