FIELD
The present invention concerns a method for assessing a robustness of a smoothed classifier, a method for assessing an overall robustness of a smoothed classifier, a method for training a smoothed classifier, a method for operating a smoothed classifier, a method for providing an actuator control signal, a computer program and a machine-readable storage medium.
BACKGROUND INFORMATION
In safety-critical applications like, for example, highly automated driving, it is important that a classification and/or semantic segmentation of an input signal depending on which further actions of the system are selected is correct.
However, without appropriate counter-measures, classifiers, like, e.g., neural network classification systems can easily be fooled. Classifiers which may be based on deep learning may be sensitive to small perturbations. In order to deploy such systems in the physical world it is important to provide a proof about the system's robustness.
“Certified Robustness to Adversarial Examples with Differential Privacy”, arXiv preprint arXiv:1802.03471v3, 2018, Mathias Lecuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, Suman Jana and “Second-Order Adversarial Attack and Certifiable Robustness”, arXiv preprint arXiv: 1809.03113v1, 2018, Bai Li, Changyou Chen, Wenlin Wang, Lawrence Carin describe a randomization technique to create a certifiably robust classifier based on a given classifier f, that maps an input signal to classes ![custom-character]()
. Classifier f is also called a base classifier in this context. They also presented certifiably robust bounds for such a smoothed classifier.
SUMMARY
A smoothed classifier g may be defined as follows: When presented with an input x, the smoothed classifier g returns the most likely prediction by base classifier f under noise, in particular under random Gaussian perturbations of input signal x:
where ϵ˜![custom-character]()
(0, σ2I) for some predefined variance σ2.
In order to be sure that the classification of said smoothed classifier g is correct, it is important to have guaranteed robustness. A method in accordance with an example embodiment of the present invention may yield a robustness value (also called a robustness bound) ![custom-character]()
that guarantees that the classification yielded by smoothed classifier g is the same for all input vectors that lie within a ball of radius ![custom-character]()
around input signal x.
Therefore, in a first aspect, the present invention is concerned with a computer-implemented method for assessing a robustness of a smoothed classifier (g) for classifying sensor signals received from a sensor (30). In accordance with an example embodiment of the present invention, the method comprises the following steps:
- determining an input signal depending on said sensor signal,
- determining, by the smoothed classifier (g)a first value (pA) which characterizes a probability that said input signal (x), when subjected to noise, will be classified as belonging to a first class (cA) out of a predefined plurality of classes, wherein said first class (cA) is a most probable class,
- determining, by the smoothed classifier (g), a second value (pB) which characterizes a probability that said input signal (x), when subjected to said noise will be classified as belonging to a second class (cB) out of said predefined plurality of classes, wherein said second class (cB) is a second-most probable class,
- determining the robustness value
![custom-character]()
on a first inverse value (Φ−1(pA)) of a standard Gaussian cumulative distribution function at said first value (pA) and/or depending on a second inverse value (Φ−1(pB)) of said standard Gaussian cumulative distribution function at said second value (pB).
It may then be decided that the smoothed classifier (g) is robust if and only if said robustness value ![custom-character]()
is larger than a predefined threshold.
For example, said predefined threshold may be given by a quantity characterizing noise in said sensor signals.
In a preferred embodiment, said robustness value ![custom-character]()
is determined proportional to Φ−1(pA)−Φ−1(pB), preferably σ·(Φ−1(pA)−Φ−1(pB)).
If it is chosen equal to
the bound is tight. This bound is substantially larger and therefore more useful than previously known bounds. In mathematical terms, pA is a lower bound on ![custom-character]()
(f(x+ϵ)=cA), pB is an upper bound on
To compute the robustness value ![custom-character]()
around input signal x, it is necessary to compute pA and pB. However, if the input signal is high-dimensional, it is impossible to exactly compute the distribution of f (x+ϵ), which is a discrete distribution over the set of possible classes ![custom-character]()
. That is because in order to compute g(x) exactly, it is necessary to compute f(x+ϵ) over all possible states x+ϵ and integrate a Gaussian along the set SA={x+ϵ|f(x+ϵ)=cA}.
A good approximation can be obtained by Monte Carlo estimation to construct bounds pA and pB.that satisfy
- with arbitrarily high probability 1-α over the Monte Carlo samples.
Estimating pA and pB while simultaneously identifying the top class cA is potentially inefficient. A straightforward implementation would compute pi=![custom-character]()
(f(x+ϵ)=ci) for all classes ci and then identify cA as the class with the largest pi. This is guaranteed to be precise, but expensive to compute.
One way is a two-step procedure. First, use n0 samples from f(x+ϵ) to take a guess cA.at the identity of the top class cA. Since meaningfully large radii can only be certified when f (x+ϵ) puts almost all its mass on the top class, it is possible to take n0 very small, e.g., n0=3. Second, use n samples from f(x+ϵ) to obtain pA and pB that satisfy (2) with probability 1−α for a predefined value of α. It can be observed that it is much more typical for the mass of f (x+ϵ) outside top class cA to be allocated entirely to one remaining class than to be spread uniformly over all remaining classes. Therefore, it is possible to determine pB as pB=1−pA, which is highly efficient, while at the same time being a very precise upper bound.
In a further aspect of the present invention, it is possible to apply the above method to a test set comprising a plurality of test input signals (xi). Using said test input signal (xi) as input signal (x) as above, it is then possible to determine a plurality of test robustness values (![custom-character]()
i), each corresponding to one of the test input signals (xi). It is then possible to determine an overall robustness value (![custom-character]()
ov) that characterizes the determined set of test robustness values (![custom-character]()
i′), for example its minimum value.
It may then be decided that the smoothed classifier (g) is robust if and only if said overall robustness value ![custom-character]()
ov is larger than a predefined threshold.
Alternatively, it is then possible to determine whether said smoothed classifier (g) is robust or not based on a relative size of said robustness value (![custom-character]()
) and said overall robustness value (![custom-character]()
ov). Said relative size is an indicator whether said input signal (x) is meaningfully represented by the test set, or not, or, in other words, whether said input signal (x) is representative of said test set. For example, it may be determined that said smoothed classifier (g) is robust if and only if said relative size, for example a quotient ![custom-character]()
/![custom-character]()
ov′ is larger than a second predefined threshold.
In a further aspect of the present invention, this decision whether the smoothed classifier (g) is robust or not as a cut-off criterion is used for training of said smoothed classifier (g), wherein training is continued if said smooth classifier (g) is determined to be non-robust.
In a still further aspect of the present invention, it is possible to use relative size for training during operation of said smoothed classifier. In accordance with an example embodiment of the present invention, it may be provided to operate said smoothed classifier (g), determining whether said smoothed classifier (g) is robust or not using the above method, and, if said smoothed classifier (g) is determined to be non-robust based on said relative size, send said input signal (x) to a remote server, receive, from said remote server, a target classification of said input signal (x), and further train said smoothed classifier (g) using said input signal (x) and said target classification. For example, said target classification may have been provided by a human expert. Remote may mean that said remote server and a computer executing said smoothed classifier are not integrated in a single unit.
In another still further aspect of the present invention, it is possible to use said robustness value ![custom-character]()
as a trigger for closer inspection, by determining, using the above method, said robustness value (![custom-character]()
) of said smoothed classifier (g) when provided with said input signal (x) and adjusting operating parameters of said sensor (30) depending on said robustness value. In particular, said sensor (30) may be controlled to zoom into a region that is classified as non-robust.
In another still further aspect of the present invention, it is possible to use said robustness value ![custom-character]()
for safe operation of an actuator, by assessing whether said smoothed classifier (g) is robust or not using the above method, and determining an actuator control signal (A) for controlling said actuator in accordance with a result of said assessment, in particular by determining said actuator control signal (A) to cause said actuator to operate in a safe mode if said smoothed classifier (g) is deemed not robust as a result of said assessment.
Naturally, the above methods are not limited in application to automated driving. In other applications, said actuator may be controlling an at least partially autonomous robot (100) and/or a manufacturing machine (200)) and/or an access control system (300).
Example embodiments of the present invention are discussed with reference to the following figures in more detail below.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows a control system having a classifier controlling an actuator in its environment, in accordance with an example embodiment of the present invention.
FIG. 2 shows the control system controlling an at least partially autonomous robot, in accordance with an example embodiment of the present invention.
FIG. 3 shows the control system controlling a manufacturing machine, in accordance with an example embodiment of the present invention.
FIG. 4 shows the control system controlling an automated personal assistant, in accordance with an example embodiment of the present invention.
FIG. 5 shows the control system controlling an access control system, in accordance with an example embodiment of the present invention.
FIG. 6 shows the control system controlling a surveillance system, in accordance with an example embodiment of the present invention.
FIG. 7 shows the control system controlling an imaging system, in accordance with an example embodiment of the present invention.
FIG. 8 shows an embodiment of a structure of said classifier, in accordance with an example embodiment of the present invention.
FIG. 9 shows a flow-chart diagram of an algorithm for determining robustness value ![custom-character]()
, in accordance with an example embodiment of the present invention.
FIG. 10 shows a flow-chart diagram of a part of an alternative algorithm for determining robustness value ![custom-character]()
, in accordance with an example embodiment of the present invention.
FIG. 11 shows a flow-chart diagram of a method for determining whether a classifier is robust, in accordance with an example embodiment of the present invention.
FIG. 12 shows a flow-chart diagram illustrating of a method for determining whether a classifier 60 is overall robust, in accordance with an example embodiment of the present invention.
FIG. 13 shows a flow-chart diagram for illustrating of a method for determining whether an input signal x is well represented in a test set, in accordance with an example embodiment of the present invention.
FIG. 14 shows a flow-chart diagram illustrating another method for operating classifier 60, in accordance with an example embodiment of the present invention.
FIG. 15 shows a flow-chart diagram illustrating another method for operating classifier 60, in accordance with an example embodiment of the present invention.
FIG. 16 shows a flow-chart diagram illustrating another method for operating classifier 60, in accordance with an example embodiment of the present invention.
FIG. 17 shows a flow-chart diagram illustrating a method for providing actuator control signal A, in accordance with an example embodiment of the present invention.
DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS
Shown in FIG. 1 is one embodiment of an actuator 10 in its environment 20. Actuator 10 interacts with a control system 40. Actuator 10 and its environment 20 will be jointly called actuator system. At preferably evenly spaced distances, a sensor 30 senses a condition of the actuator system. The sensor 30 may comprise several sensors. Preferably, sensor 30 is an optical sensor that takes images of the environment 20. An output signal S of sensor 30 (or, in case the sensor 30 comprises a plurality of sensors, an output signal S for each of the sensors) which encodes the sensed condition is transmitted to the control system 40.
Thereby, control system 40 receives a stream of sensor signals S. It then computes a series of actuator control commands A depending on the stream of sensor signals S, which are then transmitted to actuator 10.
Control system 40 receives the stream of sensor signals S of sensor 30 in an optional receiving unit 50. Receiving unit 50 transforms the sensor signals S into input signals x. Alternatively, in case of no receiving unit 50, each sensor signal S may directly be taken as an input signal x. Input signal x may, for example, be given as an excerpt from sensor signal S. Alternatively, sensor signal S may be processed to yield input signal x. Input signal x comprises image data corresponding to an image recorded by sensor 30. In other words, input signal x is provided in accordance with sensor signal S.
Input signal x is then passed on to a classifier 60, which may, for example, be given by an artificial neural network.
Classifier 60 is parametrized by parameters ϕ, which are stored in and provided by parameter storage St1.
Classifier 60 determines output signals y from input signals x. The output signal y comprises top class cA and robustness value ![custom-character]()
. Naturally, top class cA and robustness value ![custom-character]()
may correspond to a classification of the entire input signal x. Alternatively, it may be given as a semantic segmentation, e.g., by assigning classes to bounding boxes. Output signals y are transmitted to an optional conversion unit 80, which is configured to determine actuator control commands A. Actuator control commands A are then transmitted to actuator 10 for controlling actuator 10 accordingly. Alternatively, output signals y may directly be taken as control commands A.
Actuator 10 receives actuator control commands A, is controlled accordingly and carries out an action corresponding to actuator control commands A. Actuator 10 may comprise a control logic which transforms actuator control command A into a further control command, which is then used to control actuator 10.
In further embodiments, control system 40 may comprise sensor 30. In even further embodiments, control system 40 alternatively or additionally may comprise actuator 10.
In still further embodiments, control system 40 may control a display 10a instead of an actuator 10.
Furthermore, control system 40 may comprise a processor 45 (or a plurality of processors) and at least one machine-readable storage medium 46 on which instructions are stored which, if carried out, cause control system 40 to carry out a method according to one aspect of the present invention.
FIG. 2 shows an embodiment in which control system 40 is used to control an at least partially autonomous robot, e.g., an at least partially autonomous vehicle 100.
Sensor 30 may comprise one or more video sensors and/or one or more radar sensors and/or one or more ultrasonic sensors and/or one or more LiDAR sensors and or one or more position sensors (like, e.g., GPS). Some or all of these sensors are preferably but not necessarily integrated in vehicle 100.
Alternatively or additionally sensor 30 may comprise an information system for determining a state of the actuator system. One example for such an information system is a weather information system which determines a present or future state of the weather in environment 20.
For example, using input signal x, the classifier 60 may for example detect objects in the vicinity of the at least partially autonomous robot. Output signal y may comprise an information which characterizes where objects are located in the vicinity of the at least partially autonomous robot. Control command A may then be determined in accordance with this information, for example to avoid collisions with said detected objects.
Actuator 10, which is preferably integrated in vehicle 100, may be given by a brake, a propulsion system, an engine, a drivetrain, or a steering of vehicle 100. Actuator control commands A may be determined such that actuator (or actuators) 10 is/are controlled such that vehicle 100 avoids collisions with said detected objects. Detected objects may also be classified according to what the classifier 60 deems them most likely to be, e.g., pedestrians or trees, and actuator control commands A may be determined depending on the classification.
In further embodiments, the at least partially autonomous robot may be given by another mobile robot (not shown), which may, for example, move by flying, swimming, diving or stepping. The mobile robot may, inter alia, be an at least partially autonomous lawn mower, or an at least partially autonomous cleaning robot. In all of the above embodiments, actuator command control A may be determined such that propulsion unit and/or steering and/or brake of the mobile robot are controlled such that the mobile robot may avoid collisions with said identified objects.
In a further embodiment, the at least partially autonomous robot may be given by a gardening robot (not shown), which uses sensor 30, preferably an optical sensor, to determine a state of plants in the environment 20. Actuator 10 may be a nozzle for spraying chemicals. Depending on an identified species and/or an identified state of the plants, an actuator control command A may be determined to cause actuator 10 to spray the plants with a suitable quantity of suitable chemicals.
In even further embodiments, the at least partially autonomous robot may be given by a domestic appliance (not shown), like, e.g., a washing machine, a stove, an oven, a microwave, or a dishwasher. Sensor 30, e.g., an optical sensor, may detect a state of an object which is to undergo processing by the household appliance. For example, in the case of the domestic appliance being a washing machine, sensor 30 may detect a state of the laundry inside the washing machine. Actuator control signal A may then be determined depending on a detected material of the laundry.
Shown in FIG. 3 is an embodiment in which control system 40 is used to control a manufacturing machine 11, e.g., a punch cutter, a cutter or a gun drill) of a manufacturing system 200, e.g., as part of a production line. The control system 40 controls an actuator 10 which in turn control the manufacturing machine 11.
Sensor 30 may be given by an optical sensor which captures properties of, e.g., a manufactured product 12. Classifier 60 may determine a state of the manufactured product 12 from these captured properties. Actuator 10 which controls manufacturing machine 11 may then be controlled depending on the determined state of the manufactured product 12 for a subsequent manufacturing step of manufactured product 12. Or, actuator 10 may be controlled during manufacturing of a subsequent manufactured product 12 depending on the determined state of the manufactured product 12.
Shown in FIG. 4 is an embodiment in which control system 40 is used for controlling an automated personal assistant 250. Sensor 30 may be an optic sensor, e.g., for receiving video images of a gestures of user 249. Alternatively, sensor 30 may also be an audio sensor, e.g., for receiving a voice command of user 249.
Control system 40 then determines actuator control commands A for controlling the automated personal assistant 250. The actuator control commands A are determined in accordance with sensor signal S from sensor 30. Sensor signal S is transmitted to the control system 40. For example, classifier 60 may be configured to, e.g., carry out a gesture recognition algorithm to identify a gesture made by user 249. Control system 40 may then determine an actuator control command A for transmission to the automated personal assistant 250. It then transmits said actuator control command A to the automated personal assistant 250.
For example, actuator control command A may be determined in accordance with the identified user gesture recognized by classifier 60. It may then comprise information that causes the automated personal assistant 250 to retrieve information from a database and output this retrieved information in a form suitable for reception by user 249.
In further embodiments, instead of the automated personal assistant 250, control system 40 controls a domestic appliance (not shown) controlled in accordance with the identified user gesture. The domestic appliance may be a washing machine, a stove, an oven, a microwave or a dishwasher.
Shown in FIG. 5 is an embodiment in which control system controls an access control system 300. Access control system may be designed to physically control access. It may, for example, comprise a door 401. Sensor 30 is configured to detect a scene that is relevant for deciding whether access is to be granted or not. It may for example be an optical sensor for providing image or video data, for detecting a person's face. Classifier 60 may be configured to interpret this image or video data, e.g., by matching identities with known people stored in a database, thereby determining an identity of the person. Actuator control signal A may then be determined depending on the interpretation of classifier 60, e.g., in accordance with the determined identity. Actuator 10 may be a lock which grants access or not depending on actuator control signal A. A non-physical, logical access control is also possible.
Shown in FIG. 6 is an embodiment in which control system 40 controls a surveillance system 400. This embodiment is largely identical to the embodiment shown in FIG. 5. Therefore, only the differing aspects will be described in detail. Sensor 30 is configured to detect a scene that is under surveillance. Control system does not necessarily control an actuator 10, but a display 10a. For example, the machine learning system 60 may determine a classification of a scene, e.g., whether the scene detected by optical sensor 30 is suspicious. Actuator control signal A which is transmitted to display 10a may then, e.g., be configured to cause display 10a to adjust the displayed content dependent on the determined classification, e.g., to highlight an object that is deemed suspicious by machine learning system 60.
Shown in FIG. 7 is an embodiment of a control system 40 for controlling an imaging system 500, for example an MRI apparatus, x-ray imaging apparatus or ultrasonic imaging apparatus. Sensor 30 may, for example, be an imaging sensor. Machine learning system 60 may then determine a classification of all or part of the sensed image. Actuator control signal A may then be chosen in accordance with this classification, thereby controlling display 10a. For example, machine learning system 60 may interpret a region of the sensed image to be potentially anomalous. In this case, actuator control signal A may be determined to cause display 10a to display the imaging and highlighting the potentially anomalous region.
FIG. 8 illustrates schematically a structure of one embodiment of classifier 60. Classifier 60 comprises smoothed classifier g and base classifier f, e.g., a deep neural network. Input signal x is inputted into smoothed classifier g, which is configured to sample a plurality of random numbers ϵ from a standard Gaussian distribution with a predefined standard deviation σ and add them onto input signal x. For each random number ϵ, base classifier f is configured to return a corresponding classification f (x+ϵ). Using this plurality of classifications f (x+ϵ), the smoothed classifier g is then configured to determine top class cA and robustness value ![custom-character]()
, e.g., by using the algorithms illustrated in FIGS. 9 and 10, and output top class cA and robustness value ![custom-character]()
collectively as output signal y. Because of the structure of classifier 60, smoothed classifier g and classifier 60 are used interchangeably.
Shown in FIG. 9 is a flow-chart diagram of an embodiment of a method for determining robustness value ![custom-character]()
. First (901), a predefined number of samples n0 is provided and no random numbers ϵ are sampled from the standard Gaussian distribution with a predefined standard deviation σ are added onto input signal x. For each random number ϵ, base classifier f returns a corresponding classification f(x+ϵ). Estimated top class cA is then determined as the class that occurs most often amongst these corresponding classifications f(x+ϵ).
Then (902), a predefined second number of samples n is provided and n random numbers ϵ are sampled from the standard Gaussian distribution with predefined standard deviation σ are added onto input signal x. For each random number ϵ, base classifier f returns a corresponding classification f(x+ϵ). By counting the number of occurrences of estimated top class cA, a relative frequency
of estimated top class cA is computed. Here, the absolute frequency of occurrences of estimated top class cA is denoted as k.
Next (903), because the statistical sample with n data points is subject to fluctuations, lower bound pA satisfying ![custom-character]()
(f(x+ϵ)=cA)≥pA is computed as a lower confidence bound with probability at least 1−α. This expression may conveniently given by the a quantile of the beta-distribution with parameters k and n-k+1.
For example one could use the following formula with Fa,b,c being the 1−c quantile of the F-distribution with parameters a and b. Then, the lower bound pA may be given by equation
Upper bound pB is computed (904) as pB=1−pA.
Then (905) it is checked whether pA≥pB, in which case the robustness value ![custom-character]()
is computed using equation (2). If pA<pB, the algorithm abstains and issues a default error message, e.g., by setting ![custom-character]()
=−1. This concludes the method.
FIG. 10 illustrates an alternative embodiment of a method for determining top class cA that is less likely to abstain if the top two classes of f(x+ϵ) have similar mass. First (911), n random numbers ϵ are sampled from the standard Gaussian distribution with predefined standard deviation σ are added onto input signal x. For each random number ϵ, base classifier f returns a corresponding classification f(x+ϵ).
Then (912) the top two classes cA, cB are selected as the two most frequently occurring classes amongst these classifications f(x+ϵ). nA and nB denote their absolute frequencies. Then (913), it is checked whether the two-sided binomial hypothesis test that nA is drawn from Binomial (½, nA+nB) returns a p-value of less than α. If this is the case (914), top class cA is returned, otherwise the algorithm abstaind.
Shown in FIG. 11 is a flow-chart diagram of an embodiment of a method for determining whether classifier 60 is robust. First (1100), input signal x which is derived from sensor signal S is provided. Input signal x may be noisy, because sensor signal S may be noisy. Then (1200), predefined threshold value τ is provided. For example, it is possible to provide environmental conditions to which sensor 30 is subjected, e.g., a temperature or a humidity value of air surrounding sensor 30. Then (1300), threshold τ may be determined depending on said environmental conditions, e.g., by means of a look-up table. Threshold τ may be chosen to characterize noise produced by sensor 30, e.g., a standard deviation or statistical variations of pixel values, if sensor 30 is an image or video sensor. Then, robustness value ![custom-character]()
is provided for input signal x. Then (1400), it is determined whether robustness value ![custom-character]()
is larger than τ. If that is the case (1500), classifier 60 is determined to be robust. If not (1600), classifier 60 is determined not to be robust.
Shown in FIG. 12 is a flow-chart diagram of an embodiment of a method for determining whether a classifier 60 is overall robust. To this end, a test data set comprising test input signals xi is provided (2100). Preferably, said test data set is representative of real-world input data. Then (2200), for each test input signal xi, a corresponding robustness value ![custom-character]()
i is determined, e.g., by using the method illustrated in FIG. 9 and providing test input signal xi as input signal x. Next (2300), overall robustness value ![custom-character]()
ov is determined from the set of robustness values {![custom-character]()
i} by taking a value that characterizes this set, e.g., the minimum value, i.e.,
Alternatively, overall robustness value may be selected differently, e.g., as the median or average value of all ![custom-character]()
i. Then (2400), it is decided whether said overall robustness value ![custom-character]()
ov is greater than a second threshold value τ2, which may be provided like threshold value τ in step (1200). If this is the case, classifier 60 is deemed to be overall robust (2500), if not (2600), it is deemed not to be overall robust.
Shown in FIG. 13 is a flow-chart diagram of an embodiment of a method for determining whether an input signal x is well represented in test set {xi} and hence, if classifier 60 trained using said test set is robust around input signal x.
Steps (2100) and (2200) are identical to those in the method illustrated in FIG. 12, steps (1100), (1200) and (1300) are identical to those in the method illustrated in FIG. 11. After robustness value ![custom-character]()
and overall robustness value ![custom-character]()
ov have been determined, it is checked (2650), whether they satisfy inequality
![custom-character]()
≤![custom-character]()
ov·c (4)
If this is the case (2700), input signal x is deemed not to be well represented in the test set and hence classifier 60 trained using the test set is deemed not robust. If this is not the case (2800), input signal x is deemed to be well represented in the test set, and hence classifier 60 is deemed to be robust.
Shown in FIG. 14 is a flow-chart diagram of an embodiment of a method for training smoothed classifier g, which is conveniently achieved by training base classifier f associated with smoothed classifier g, and also simply referred to as ‘training classifier 60’. First, classifier 60 is trained (3100). Then (3200) the overall robustness ![custom-character]()
ov is determined based on the test set used in training and it is determined whether classifier 60 is overall robust. If this is the case, the method concludes (3300). If it is not the case, however, the method branches back to (3100) and training continues.
An actuator control signal (A) may then (916) be determined in accordance with said parameter vu, and actuator (10) may be controlled in accordance with said actuator control signal (A). For example, if said parameter vu indicates a non-vulnerability, said actuator control signal (A) may then be determined to correspond to normal operation mode, whereas, if said parameter vu indicates a vulnerability, said actuator control signal (A) may then be determined to correspond to a fail-safe operation mode, by, e.g., reducing a dynamics of a motion of said actuator (10).
Shown in FIG. 15 is a flow-chart diagram of an embodiment of a method for operating classifier 60. First (4100), classifier 60 is operated. Upon being provided with a new input signal x, it is determining (4200) whether classifier 60 is robust or not using the method in accordance with the present invention. If that is not the case, the method concludes (4500). If it is the case, however, new input signal x is sent (4300) to a remote server where it may be, for example, presented to a human expert from whom said remote server receives a manual classification as target classification. Said target classification is then (4400) receiving, from said remote server, the pair of new input signal (x) and received target classification are added to a training set which may be used to train classifier 60 before operation resumes, or at a later point in time. The method then branches back to step (4100).
Shown in FIG. 16 is a flow-chart diagram of an embodiment of a method for operating classifier 60. First (5100), classifier 60 is operated. Upon being provided with a new input signal x, it is determining (5200) whether classifier 60 is robust or not using the method according to an example embodiment of the present invention. If that is the case, the method concludes (5400), If it is not the case, however, operating parameters of sensors 30 are adjusted (5300), in particular zooming sensor 30 may zoom in on the area of new input signal x for which classifier 60 was deemed not to be robust.
Shown in FIG. 17 is a flow-chart diagram of an embodiment of a method for providing actuator control signal A for controlling actuator 10 depending on an output signal y of classifier 60. First (6100), classifier 60 is operated. Upon being provided with a new input signal x, it is determined whether classifier 60 is robust (6200), e.g., by using the algorithm illustrated in FIG. 9. Actuator control signal is now determined) in accordance with the result of said assessment. If operator 60 is deemed to be robust (6300), actuator control signal A is determined to cause actuator 10 to operate in normal mode. If it is not the case (6400), however, said actuator control signal (A) is determined to cause said actuator (10) to operate in a safe mode
The term “computer” covers any device for the processing of pre-defined calculation instructions. These calculation instructions can be in the form of software, or in the form of hardware, or also in a mixed form of software and hardware.
It is further understood that the procedures cannot only be completely implemented in software as described. They can also be implemented in hardware, or in a mixed form of software and hardware.
Patent Application
20210319268
