🤖 AI Summary
Existing preimage approximation methods for neural network verification exhibit poor scalability under patch-based attacks (e.g., local occlusion, lighting perturbations).
Method: This paper introduces three key enhancements to the PREMAP algorithm: (i) tighter output interval bounds via refined interval propagation, (ii) adaptive Monte Carlo sampling for efficient coverage estimation, and (iii) a branch-and-bound heuristic that prunes the search space dynamically. The approach integrates interval arithmetic, stochastic sampling, and domain-specific pruning, supporting both fully connected and convolutional networks.
Contribution/Results: Experiments demonstrate over 10× speedup on reinforcement learning control benchmarks; for the first time, feasible preimage verification is achieved for medium-scale CNNs. The method enables quantitative evaluation of input coverage—providing a scalable, formally verifiable solution for local robustness certification in safety-critical applications.
📝 Abstract
The growing reliance on artificial intelligence in safety- and security-critical applications demands effective neural network certification. A challenging real-world use case is certification against "patch attacks", where adversarial patches or lighting conditions obscure parts of images, for example traffic signs. One approach to certification, which also gives quantitative coverage estimates, utilizes preimages of neural networks, i.e., the set of inputs that lead to a specified output. However, these preimage approximation methods, including the state-of-the-art PREMAP algorithm, struggle with scalability. This paper presents novel algorithmic improvements to PREMAP involving tighter bounds, adaptive Monte Carlo sampling, and improved branching heuristics. We demonstrate efficiency improvements of at least an order of magnitude on reinforcement learning control benchmarks, and show that our method scales to convolutional neural networks that were previously infeasible. Our results demonstrate the potential of preimage approximation methodology for reliability and robustness certification.
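The idea of a preimage under-approximation with a quantitative coverage estimate can be shown on a toy network. The sketch below is an added example, not the paper's or PREMAP's code: it assumes a constructed 2-2-1 ReLU network, the property "output >= 0", plain interval arithmetic for the bounds, and bisection of the widest input in place of the paper's bounds and branching heuristics.

```python
import math
import random

# Constructed toy ReLU network (an assumption, not from the paper): 2 -> 2 -> 1.
W1, B1 = [[1.0, 1.0], [1.0, -1.0]], [0.0, 0.0]
W2, B2 = [1.0, -1.0], 0.5

def forward(x):
    h = [max(0.0, sum(w * v for w, v in zip(row, x)) + b) for row, b in zip(W1, B1)]
    return sum(w * v for w, v in zip(W2, h)) + B2

def affine_bounds(weights, bias, lo, hi):
    # Interval arithmetic: a positive weight pairs with the same-side bound.
    l = bias + sum(w * (a if w >= 0 else b) for w, a, b in zip(weights, lo, hi))
    u = bias + sum(w * (b if w >= 0 else a) for w, a, b in zip(weights, lo, hi))
    return l, u

def output_bounds(box):
    lo, hi = [a for a, _ in box], [b for _, b in box]
    pre = [affine_bounds(row, b, lo, hi) for row, b in zip(W1, B1)]
    # ReLU is monotone, so it maps bounds to bounds.
    return affine_bounds(W2, B2, [max(0.0, l) for l, _ in pre],
                         [max(0.0, u) for _, u in pre])

def volume(box):
    return math.prod(b - a for a, b in box)

def under_approximate(box, depth):
    """Sub-boxes certified to lie inside the preimage {x : forward(x) >= 0}."""
    l, u = output_bounds(box)
    if l >= 0:                      # every point of the box satisfies the property
        return [box]
    if u < 0 or depth == 0:         # certified outside, or split budget exhausted
        return []
    i = max(range(len(box)), key=lambda k: box[k][1] - box[k][0])  # widest input
    a, b = box[i]
    m = (a + b) / 2
    halves = (box[:i] + [(a, m)] + box[i + 1:], box[:i] + [(m, b)] + box[i + 1:])
    return [s for h in halves for s in under_approximate(h, depth - 1)]

def mc_preimage_volume(box, n, seed):
    """Monte Carlo estimate of the true preimage volume inside the box."""
    rng = random.Random(seed)
    hits = sum(forward([rng.uniform(a, b) for a, b in box]) >= 0 for _ in range(n))
    return volume(box) * hits / n

def coverage(box, depth, n=20000, seed=0):
    certified = sum(volume(b) for b in under_approximate(box, depth))
    return certified / mc_preimage_volume(box, n, seed)
```

Calling `coverage([(-1.0, 1.0), (-1.0, 1.0)], depth)` with increasing `depth` shows the certified share of the preimage growing as the input box is refined; the loose interval bounds are what make many splits necessary.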