The research my group is currently conducting spans over machine learning, formal methods, and robotics. If you are interested in these areas and want to collaborate with us, please feel free to get in touch. Most of my research publications can be found through my Google Scholar profile.
Specifically, we are interested in analysing autonomous systems -- systems that can learn, adapt, and make decisions by themselves -- in terms of their properties (e.g., safety, robustness, trustworthiness, security, etc), to understand if they are applicable to safety critical applications, and constructing autonomous systems with these properties satisfied. This may include (but not limited to)
verification of neural network-based deep learning on safety and security properties,
interpretation and explanation of deep learning, and
logic-based approaches for the specification, verification and synthesis of autonomous multi-agent systems.
Currently, the application areas we are addressing include self-driving cars, underwater vehicles, and other robotics applications. We are also interested in various healthcare applications where safety and interpretability are important. The research my group is doing is summarised (incompletely) in the slides as well as in the "Research" tab of this webpage.
The research has been funded by Dstl, EPSRC, European Commission, Innovate UK, etc. I have been the PI (or Liverpool PI) for projects valued more than £2M, and co-I for more than £15M. Some brief information can be found here.
I am on the role of school research lead of the EEECS school.
The following are a few video demos of our research:
For Prospective Students:
I am always looking for PhD students with strong motivation to actively participate in research. There are a few possible ways of receiving a scholarship, for example
If you have other means of supporting your study, you are also welcomed to get in touch.
New Open Positions:
Workshop Organisation
(11/2022) SafeAI workshop will be held again with AAAI2022. Please submit your papers through SafeAI Workshop Website
(09/2021) Organised a workshop "Safety Assurance for Deep Learning in Underwater Robotics" (website), with other relevant information available at SOLITUDE Project Resources website
(05/2021) AISafety workshop will be held again with IJCAI2021. Please submit your papers through AISafety Website
(08/2020) SafeAI workshop will be held again with AAAI2021.
(03/2020) AISafety workshop will be held again with IJCAI2020.
(08/2019) SafeAI will be held again as a workshop of AAAI2020.
(08/2019) Organising workshop AI&FM2019 at ICFEM2019 , to discuss how to make AI and formal methods (and software engineering) mutually beneficial. It will be on 5th Nov, 2019.
(05/2024) One paper accepted by ICML2024 on "Building Guardrails for Large Language Models", which reviews the current guardrails for foundation models and provides our perspectives (multi-disciplinary approach, whole-system thinking, neural-symbolic implementation, and verification and validation) on how to rigorously and responsibly develop a guardrail. Congrats to Yi, Ronghui, and other co-authors.
(03/2024) One paper accepted by CVPR2024 on "Towards Fairness-Aware Adversarial Learning", which considers fairness during adversarial training. Congrats to Yanghao, and other co-authors.
(02/2024) An AKT project funded: Utilising generative AI, specifically large language models (LLMs) for the searching of technical documentation in a cyber-secure environment, with Dr Ronghui Mu, to work with Leonardo UK.
(02/2024) Two projects funded: A literature review on “Safeguarding LLMs” (PI: Dr Yi Dong), and An Ethical and Robust AI Development Framework: Assessing Correctness and Detecting Fakes (PI: Dr Guangliang Cheng).
(01/2024) Two papers accepted by journals. "Privacy-Preserving Distributed Learning for
Residential Short-Term Load Forecasting" will be published by IEEE Internet of Things, and "Reachability Verification-Based Reliability Assessment for Deep Reinforcement Learning Controlled Robotics and Autonomous Systems" will be published by RA-L. Congratulations to Yi, and all the co-authors.
(12/2023) Three papers were accepted to AAAI-24, concerning the robustness of large lauguage models in terms of its math reasoning ability, the certification of reinforcement learning through randomised smoothing, and the robustness for goal conditioned reinforcement learning, respectively. Congratulations to Zihao, Ronghui, Sihao, and all other co-authors.
(10/2023) We won an Alan Turing project "CRoCS: Certified Robust and Scalable Autonomous Operation in Cyber Space", funded from The AI for Cyber Defence (AICD) Research Centre. It will start from 1st December, 2023.
(08/2023) Our paper "Hierarchical Distribution-Aware Testing of Deep Learning" is accepted by ACM Transactions on Software Engineering and Methodology, a top journal in sofoware engineering.
(07/2023) One paper accepted to ACM MM 2023.
(07/2023) Paper "SAFARI: Versatile and Efficient Evaluations for Robustness of Interpretability" accepted to ICCV2023, congrats to Wei and co-authors
(02/2023) Paper "Randomized Adversarial Training via Taylor Expansion" accepted to CVPR2023, congrats to Gaojie and co-authors
(01/2023) Paper "Decentralised and Cooperative Control of Multi-Robot Systems through Distributed Optimisation" accepted to AAMAS2023, congrats to Yi and co-authors
(11/2022) Paper "Towards Verifying the Geometric Robustness of Large-scale Neural Networks" accepted to AAAI2023, congrats to all co-authors
(10/2022) With Xingyu Zhao and Yi Dong, we are awarded a project on UK and US governments launched challenge on privacy-enhancing technologies (PETs), where we are developing a federated/distributed learning that is able to consider scalability (i.e., number of users), privacy, accuracy, communication complexity, and efficiency, and will apply the algorithm to two applications on financial crimes and COVID healthcare, respectively.
(10/2022) To give an invited talk to ICFEM2022. slides.
(12/2022) textbook "Machine Learning Safety" will be published in December 2022.
(07/2022) our paper "Adversarial Label Poisoning Attack on Graph Neural Networks via Label Propagation" was accepted to ECCV this year. Congratulations to Ganlin, and all co-authors.
(06/2022) our papers "Dependability Analysis of Deep Reinforcement Learning based Robotics and Autonomous Systems" and "STUN: Self-Teaching Uncertainty Estimation for Place Recognition" were accepted to IROS this year. Congratulations to Yi and Kaiwen, and all co-authors.
(06/2022) Gave invited talk on "Is Deep Learning Certifiable at all?" to TAI-RM2022 workshop and to the SAE G-34/EUROCAE WG-114 Technical Talk.
(03/2022) Congratulations to Gaojie, whose paper on "enhancing adversarial training with second order statistics of weights" was accepted to CVPR this year.
(03/2022) Gave a talk at Université Grenoble Alpes on "Machine Learning Safety (and Security)"
(10/2021) Congratulations to Yanda, who has three papers published at ICCV2021, IEEE transactions on Medicai Imaging, and MICCAI2021, respectively, on deep learning in healthcare.
(10/2021) Warmest Welcome to Mr Yi Qi and Mr Sihao Wu on their joining the group to start PhD.
(08/2021) Delivered a tutorial to IJCAI'2021 on "Towards Robust Deep Learning Models: Verification, Falsification, and Rectification" with Wenjie, Elena, and Xinping. Tutorial information is available at the website: https://tutorial-ijcai.trustai.uk.
(07/2021) Congratulations to Wei, who is one of the winners of the SIEMENSE AI-DA challenge (https://ecosystem.siemens.com/topic/detail/default/33), which concerns how to assess the dependability of machine learning models. Specifically, he won the “most original approach” award. There were 32 teams from 15 countries participated in this challenge. This work also won the best paper award in AISafety2021, paper is available.
(07/2021) One paper accepted by ICCV2021. Congratulations to Yanda.
(07/2021) Our paper "Embedding and Synthesis of Knowledge in Tree Ensemble Classifiers" has been accepted by Machine Learning journal. Congratulations to Wei and Xingyu.
(05/2021) Congratulations to Xingyu and Wei, whose paper on "BayLIME: Bayesian Local Interpretable Model-Agnostic Explanations" has been accepted to UAI2021. This paper develops a Bayesian method for the well-known LIME explainable AI method, to address the issue of robustness and consistency in explanations. Now, the explanations are not only more accurate but also more robust.
(05/2021) Congratulations to Wei, whose paper on "Coverage Guided Testing for Recurrent Neural Networks" has been accepted to IEEE transactions on Reliability. This paper develops temporal based coverage metrics for the testing of LSTMs.
(11/2020) Going to give tutorial on "Adversarial Robustness of Deep Learning: Theory, Algorithms, and Applications" to ICDM2020 with Wenjie Ruan and Xinping Yi. Website: https://tutorial.trustdeeplearning.com
(10/2020) Started a new project "SOLITUDE: Safety Argument for Learning-enabled Autonomous Underwater Vehicles." with Xingyu Zhao, Simon Maskell, Sven Schewe, Sen Wang (Heriot Watt) on developing safety assurance argument for autonomous underwater vehicles.
(09/2020) Congratulations to Gaojie Jin! Paper "How does Weight Correlation Affect Generalisation Ability of Deep Neural Networks?" has been accepted to NeurIPS2020. We study a "correct by construction" question -- how to train a neural network with good generalisation ability (i.e., reliability)? -- and find that this is possible by tracking and controlling a Weight Correlation over the trainable parameters during the training. Experiments show that the improvement is persistent across small networks and large scale networks such as VGG16. The weight correlation can also be used to predict if a model generalises well, without using test data which might not be available in practical scenarios. Please check paper from Arxiv.
(08/2020) Our paper "Generalizing Universal Adversarial Attacks Beyond Additive Perturbations" has been accepted to ICDM2020.
(08/2020) Our paper "PRODEEP: a platform for robustness verification of deep neural networks" has been accepted to ESEC/FSE2020.
(07/2020) Our paper "Lightweight Statistical Explanations for Deep Neural Networks" has been accepted to ECCV2020.
(07/2020) Our paper "Regression of Instance Boundary by Aggregated CNN and GCN" has been accepted to ECCV2020.
(06/2020) Congratulations to Wei Huang! Our paper "Practical Verication of Neural Network Enabled State Estimation System for Robotics" has been accepted to IROS2020.
(05/2020) Our survey paper "A Survey of Safety and Trustworthiness of Deep Neural Networks" has been accepted to the journal of Computer Science Survey. It's current arXiv version is here
We entail in the following several research directions that we have fostered or contributed in the past years. We use [Journal Name, Year] to denote a journal publication and [ConferenceAbbreviation+Year] to denote a conference paper.
(a) Safety and Trustworthiness of AI Systems
We publish a textbook [Machine Learning Safety, Springer 2023], which has a comprehensive discussion on broad topics related to the safety of various machine learning algorithms, covering both deep learning algorithms and traditional machine learning algorithms.
We conduct a survey [Computer Survey Review, 2020] about four groups of techniques that can be utilised to support the safety and trustworthiness of deep neural networks: verification, testing, adversarial attack and defence, and interpretability. In an invited paper [ICFEM2022], we formalise the specifications of a set of machine learning vulnerabilities, including generalisation, robustness, security, privacy, and explainable AI properties. The full version of paper is published in [Journal of Logical and Algebraic Methods in Programming, 2024 ]. We also have several other reviews on the adversarial robustness [CIKM2021] and the verification and validation techniques for e.g., robotics systems [Robotics, 2021], and multiagent systems [AI Communications, 2022].
We consider how to build guardrails (which detect the failures in real time) for foundation models, and offer our perspectives in [ICML2024].
We also consider the large language models and conduct a survey [Artificial Intelligence Review, 2024] about their safety and trustworthiness from the perspectives of verification and validation.
Considering systems where machine learning modesl are components (e.g., perception, navigation, guidance, control), we develop verification algorithms for generic autonomous systems with temporal behaviour (by reduction to probabilistic model checking) [IROS2022a], and state estimation systems [IROS2020]. We also consider verification of both robustness and resilience [Neurocomputing, 2024], as well as extending robustness verification to the deep reinforcement learning [RA-L, 2024].
We extend randomised smoothing technique to reinforcement learning for the lower bound certification of the cumulative reward, to obtain smoothed policies under various Lp-norm bounded perturbations [AAAI2024b].
We start looking into verification of large foundational models, including stable diffusion [ECCV2024-a].
(c) Falsification (Testing, Attacks) of Neural Networks
In parallel with DeepXplore, we study the adaptation of software testing methods to find "bugs" in neural network [ArXiv, 2018]. We propose a concolic (i.e., a combination of concrete execution and symbolic execution) testing method [ASE2018] and a structural testing criteria that resemble the MC/DC criteria in softare testing [ACM Transactions on Embedded Computing Systems, 2019], ["ICSE2019b], and develop them into a tool DeepConcolic [ICSE2019a]. In addition to the convolutional neural netowrks, we also consider testing methods for recurrent neural networks [IEEE Transactions on Reliability, 2022].
Beyond machine learning models, we also consider testing methods for complex systems where machine learning models are components, e.g., a vehicle tracking system [ICRA2020].
(d) Enhancements to Neural Networks (Adversarial Training, Uncertainty Quantification)
We consider rigorous methods to improve the properties of neural networks. In [NeurIPS2020], we study the weight correlation and suggest that generalisation can be improved if weight correlation can be reduced. In addition to empirical experiments, we extend the PAC Bayesian theory to support our conclusion. The weight correlation is then utilised for the interpretation of dropout [Transactions of Machine Learning Research, 2022]. Other than the generalisation, we consider the adversarial training for the robustness improvement through second order statistics [CVPR2022], Taylor expansion [CVPR2023], etc.
We also consider the improvement of neural network training through the estimation of uncertainty, by considering a teacher-student framework [IROS2022b], a spatial uncertainty-aware teacher-student framework [ICCV2021], and a probabilistic embedding [IEEE Robotics and Automation Letters,2023a].
For Goal-Conditioned Reinforcement Learning (GCRL), we propose a novel semi-contrastive representation attack, and use it together with a sensitivity-aware regularizer for the improvement of the adversarial robustness [AAAI2024c].
We consider fairness-aware adversarial training in [CVPR2024].
Due to the black-box nature of deep neural networks, explainable AI has become a research topic. In [ECCV2020a], we propose a novel explainable AI method by utilising fault localisation methods. In [UAI2021], we consider a Bayesian enhancement to the existing explainable AI methods, and suggest that they are able to improve the consistency, robustness, and fidelity of the explanantions. In [ICCV2023], we study the interaction of XAI with robustness, and propose novel algorithms to discover their inconsistency.
(f) Aassurance of Neural Networks and Learning-Enabled Systems
We are one of the first few to consider enhancing existing safety assurance approach to deal with the machine learning components. In additio to the general framework [SafeCOMP2020], we consider several key aspects that need to be adapted, including operational profile [DSN2021], robustness evaluation [ACM Transactions on Software Engineering and Methodology, 2023], and Hazard analysis [ITSC2023].
We construct symbolic runtime monitor by extracting features from hidden layer and clustering similar features with geometric shapes such as boxes [IROS2024].
(h) Large Language Models and Other Generative AI Models
We investigate large language models in terms of their various abilities, for example, the math solving ability by proposing a new robustness attack that preserves the mathematical logic of the original math word problem [AAAI2024a] and a test case generation method [ACL2023], the collaboration ability when it works with human experts in safety analysis [ArXiv, 2023b].
We consider how to build guardrails (which detect the failures in real time) for foundation models, and offer our perspectives in [ICML2024].
We also consider a survey on the safety and trustworthiness of the large language models [Artificial Intelligence Review, 2024], from the perspectives of verification and validation.
We study spiking neural networks [Frontier in Neuroscience, 2022], which is more energy-efficient than the usual convolutional neural networks in inference. Other than the optimal translation from CNNs, we also consider the optimisation of energy consumption through training and a novel cutoff mechanism that is useful in inference stage [ArXiv 2023b].
In the survey [Artificial Intelligence Review, 2024], we have a summarisation of various large language models in terms of their energy consumption.
In addition to Boolean systems, we also work with probabilistic systems, concerning probabilistic logics [AAAI2012a], [AAMAS2013a], their model checking complexity [AAAI2016a], and their model checking algorithms [TARK2011, IJCAI2018b].
Based on the above results, we propose a logic to reasoning about cognitive trust in a probabilistic multiagent setting [AAAI2017], [ACM Transactions on Computational Logic, 2019].
We also consider verification of other systems and other properties, including battery prognostics and health management [SEFM2019], pursuit-evasion games [IJCAI2011], [AAAI2012b], [ECAI2010].
To consider learning-enabled systems, we start looking into the specication languages. In an invited paper [ICFEM2022], we formalise the specifications of a set of machine learning vulnerabilities, including generalisation, robustness, security, privacy, and explainable AI properties. The full version of paper is published in [Journal of Logical and Algebraic Methods in Programming, 2024 ].
MBDA & WSTC project on "Adaptive & reactive mission execution", PI, with Jason Ralph and Simon Maskell, 2019 - 2020
Defence Science Technology Laboratory (DSTL) PhD studentship on "Statistical Approach to Assess the Trustworthiness of Robotics and AI", PI, 2020 - 2024
Test Coverage Metrics for Artificial Intelligence -- v2.0.
Recent Invited Talks, Seminars, and Panel Discussions:
(10/2022) To give an invited talk to ICFEM2022. slides.
(06/2022) Gave invited talk on "Is Deep Learning Certifiable at all?" to TAI-RM2022 workshop and to the SAE G-34/EUROCAE WG-114 Technical Talk.
(03/2022) Gave a talk at Université Grenoble Alpes on "Machine Learning Safety (and Security)"
(08/2021) Delivered a tutorial to IJCAI'2021 on "Towards Robust Deep Learning Models: Verification, Falsification, and Rectification" with Wenjie, Elena, and Xinping. Tutorial information is available at the website: https://tutorial-ijcai.trustai.uk.
(08/2020) Will give lecturers on verification of neural networks at Summer School Marktoberdorf 2020("Safety and Security of Software Systems: Logics, Proofs, Applications").
(05/2020) Will give an invited talk at University of Exeter.
(03/2020) Will give an invited talk at MMB2020 on "Safety Certification of Deep Learning".
(09/2018) Slides of my talk at Nanjing University can be found here.
(07/2018) Slides of my talk at Imperial can be found here.
(04/2018) Gave an invited talk on "Verification and Testing of Deep Learning" for the ETAPS workshop on "Formal Methods For ML-Enabled Autonomous System (FOMLAS2018)".
January 2018, Toulouse, France. Invited panel discussion on how machine learning technique could be used (or not) for safety-critical applications, oragnised by ONERA The French Aerospace Lab and AirBus. The 9th European Congress on Embedded Real Time Software and Systems (ERTS 2018). https://www.erts2018.org/
April 2018, Thessaloniki, Greece. Verification of Deep Neural Networks. Invited Talk to the ETAPS 2018 workshop on formal methods for ML-enabled autonomous systems (FoMLAS2018). https://fomlas2018.fortiss.org
Januray 2018, Florida, US. Invited talk and panelist of a session in SciTech2018 on the Interaction of Software Assurance and Risk Assessment Based Operation of Unmanned Aircraftsession. Organised by The American Institute of Aeronautics and Astronautics (AIAA).
December 2017, Beijing, China. Verification of Robotics and Autonomous Systems. Invited talk to the workshop on the Verification of Large Scale Real-Time Embeded Systems. Slides are available from here.
September 2017, Visegrad, Hungary. Verification of Robotics and Autonomous Systems. Invited Talk to the 11th Alpine Verification Meeting (AVM2017). http://avm2017.inf.mit.bme.hu. Slides are availabe from here
November 2015, Oxford, UK. Reasoning About Trust in Autonomous Multiagent Systems. Univeristy of Oxford.
Open Positions:
Postdocs or graduate research associates in the project where I was/am the primary investigator
Ms Amany Alshareef, started from 03/2019, with Prof. Sven Schewe as the co-supervisor. Before coming to Liverpool, Amany has an MSc at Ball State University and a BSc at Umm Al-Qura University.
topic: testing deep learning
03/2019 - 12/2023
Dr Gaojie Jin, with Dr. Xinping Yi as the co-supervisor. Before coming to Liverpool, Gaojie has an MSc at Liverpool University and a BSc at Peking University.
topic: Reliable Deep Neural Networks with Randomised Weights
03/2019 - 07/2023, now at the University of Exeter
Dr Wei Huang, with Prof. Shang-Hong Lai at National Tsing Hua University, Taiwan, as the co-supervisor. Before coming to Liverpool, Wei has an MSc at Imperial College and a BSc at Xiamen University.
topic: Verification and Validation of Machine Learning Safety in Learning-Enabled Autonomous Systems
02/2019 - 07/2023, now at Purple Mountain Laboratories
Ms Emese Thamo, with Dr Yannis Goulermas as the co-supervisor. Before coming to Liverpool, Emese has a BSc at Cambridge.
topic: Improving the Safety of Deep Reinforcement Learning Algorithms by Making Them More Interpretable
10/2018 -
Visitors:
Dr Chen Zhang, China University of Mining and Technology. 12/2019 - 11/2020
Mr Zhixuan Xu, Renming University of China. 10/2019 - 10/2020
Mr Francesco Crecchi, University of Pisa, Italy. 04/2019 - 06/2019
"Robotics and Artificial Intelligence" Reading group is to hold a weekly meeting where one of the members will have a 30-40 minutes talk, discussing either their own papers, papers from other research groups, or anything that they are interested in. This will be followed by a Q&A and discussion session among the group on the topic.
Membership:
Anyone can join by request. If you are interested in, please feel free to drop me a message.
Venue:
Due to the lockdown, we are mainly holding this through virtual meetings (please click: Zoom meeting).
Meeting time:
Starting from the week of 24th August, the meeting time is moved to Tuesday 11:00-12:00, London time.
Talk Schedule:
Please refer to the webpage at ACPS lab for the detailed information about the reading group.