Hardening DNNs against Transfer Attacks during Network Compression using Greedy Adversarial Pruning

06/15/2022, by Jonah O'Brien Weiss, et al.

The prevalence and success of Deep Neural Network (DNN) applications in recent years have motivated research on DNN compression, such as pruning and quantization. These techniques accelerate model inference, reduce power consumption, and reduce the size and complexity of the hardware necessary to run DNNs, all with little to no loss in accuracy. However, since DNNs are vulnerable to adversarial inputs, it is important to consider the relationship between compression and adversarial robustness. In this work, we investigate the adversarial robustness of models produced by several irregular pruning schemes and by 8-bit quantization. Additionally, while conventional pruning removes the least important parameters in a DNN, we investigate the effect of an unconventional pruning method: removing the most important model parameters based on the gradient on adversarial inputs. We call this method Greedy Adversarial Pruning (GAP) and we find that this pruning method results in models that are resistant to transfer attacks from their uncompressed counterparts.
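The selection rule at the heart of GAP can be made concrete on a toy model. The following Python is an added illustration, not the paper's code: the paper's exact importance score, attack settings and architectures are not on this page, so the saliency |w * dL/dw| measured on one-step gradient-sign adversarial inputs, the logistic-regression "network" and the constructed dataset are all assumptions. It contrasts conventional magnitude pruning (remove the least important weights) with the GAP rule (remove the most important ones, judged on adversarial inputs) and measures how many adversarial inputs crafted against the dense model still fool each pruned model.

```python
import math
import random

# Constructed toy setting for this added example: a logistic-regression
# "network" small enough that every gradient can be written by hand.
D = 12     # number of weights
N = 200    # constructed training examples
_rng = random.Random(0)
TRUE_W = [2.0, -1.5, 1.0, 0.5] + [0.0] * (D - 4)   # only four features matter
X_TRAIN = [[_rng.gauss(0, 1) for _ in range(D)] for _ in range(N)]
Y_TRAIN = [1.0 if sum(x * t for x, t in zip(row, TRUE_W)) + 0.3 * _rng.gauss(0, 1) > 0
           else 0.0 for row in X_TRAIN]

def sigmoid(z):
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)

def loss_and_grads(w, X, y):
    """Mean cross-entropy loss, dL/dw (length D) and dL/dx (N rows of length D)."""
    n = len(y)
    loss, grad_w, grad_x = 0.0, [0.0] * len(w), []
    for row, label in zip(X, y):
        p = sigmoid(sum(a * b for a, b in zip(row, w)))
        loss -= (label * math.log(p + 1e-12) + (1 - label) * math.log(1 - p + 1e-12)) / n
        dz = (p - label) / n                      # dL/dz for this example
        for j, xj in enumerate(row):
            grad_w[j] += xj * dz
        grad_x.append([dz * wj for wj in w])
    return loss, grad_w, grad_x

def train(X, y, steps=300, lr=0.5):
    """Plain gradient descent; yields the dense, uncompressed model."""
    w = [0.0] * len(X[0])
    for _ in range(steps):
        _, g, _ = loss_and_grads(w, X, y)
        w = [wj - lr * gj for wj, gj in zip(w, g)]
    return w

def adversarial_inputs(w, X, y, eps=0.5):
    """One-step perturbation of each input in the loss-increasing direction
    (assumed gradient-sign construction; the page gives no attack details)."""
    _, _, grad_x = loss_and_grads(w, X, y)
    sign = lambda v: (v > 0) - (v < 0)
    return [[xj + eps * sign(gj) for xj, gj in zip(row, grow)]
            for row, grow in zip(X, grad_x)]

def importance_scores(w, X_adv, y):
    """Assumed GAP saliency: |w_j * dL/dw_j| measured on adversarial inputs."""
    _, grad_w, _ = loss_and_grads(w, X_adv, y)
    return [abs(wj * gj) for wj, gj in zip(w, grad_w)]

def prune_magnitude(w, k):
    """Conventional pruning: zero the k weights of smallest magnitude."""
    idx = set(sorted(range(len(w)), key=lambda j: abs(w[j]))[:k])
    return [0.0 if j in idx else wj for j, wj in enumerate(w)], idx

def prune_gap(w, scores, k):
    """Greedy Adversarial Pruning as the abstract describes it: zero the k
    weights with the LARGEST adversarial importance score."""
    idx = set(sorted(range(len(w)), key=lambda j: -scores[j])[:k])
    return [0.0 if j in idx else wj for j, wj in enumerate(w)], idx

def accuracy(w, X, y):
    hits = sum((sum(a * b for a, b in zip(row, w)) > 0) == (label > 0.5)
               for row, label in zip(X, y))
    return hits / len(y)

def transfer_attack_success(w_dense, w_pruned, X, y, eps=0.5):
    """Fraction of adversarial inputs crafted against the dense model that also
    fool the pruned model; lower means the pruned model resists the transfer."""
    return 1.0 - accuracy(w_pruned, adversarial_inputs(w_dense, X, y, eps), y)

def gradient_check(h=1e-5):
    """Central-difference check of dL/dw on a small constructed batch; returns
    the largest absolute discrepancy (should be far below 1e-6)."""
    X, y = X_TRAIN[:5], Y_TRAIN[:5]
    w = [0.3 * ((-1) ** j) for j in range(D)]
    _, gw, _ = loss_and_grads(w, X, y)
    worst = 0.0
    for j in range(D):
        wp, wm = w[:], w[:]
        wp[j] += h
        wm[j] -= h
        fd = (loss_and_grads(wp, X, y)[0] - loss_and_grads(wm, X, y)[0]) / (2 * h)
        worst = max(worst, abs(fd - gw[j]))
    return worst

def run_experiment(k=4, eps=0.5):
    """Train the dense model, prune it both ways, and compare clean accuracy
    and transfer-attack success for each compressed model."""
    w = train(X_TRAIN, Y_TRAIN)
    scores = importance_scores(w, adversarial_inputs(w, X_TRAIN, Y_TRAIN, eps), Y_TRAIN)
    w_mag, _ = prune_magnitude(w, k)
    w_gap, _ = prune_gap(w, scores, k)
    return {
        "dense_clean": accuracy(w, X_TRAIN, Y_TRAIN),
        "magnitude_clean": accuracy(w_mag, X_TRAIN, Y_TRAIN),
        "gap_clean": accuracy(w_gap, X_TRAIN, Y_TRAIN),
        "magnitude_transfer": transfer_attack_success(w, w_mag, X_TRAIN, Y_TRAIN, eps),
        "gap_transfer": transfer_attack_success(w, w_gap, X_TRAIN, Y_TRAIN, eps),
    }

if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name:20s} {value:.3f}")
```

The two pruning functions differ only in which end of the importance ranking they cut; everything else (model, inputs, metric) is shared, so any gap between `magnitude_transfer` and `gap_transfer` reflects the selection rule alone. On a toy model the clean-accuracy cost of GAP is visible in `gap_clean`, which is the trade-off a practitioner would weigh before adopting the method.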


research, 12/10/2020: Robustness and Transferability of Universal Attacks on Compressed Models
Neural network compression methods like pruning and quantization are ver...

research, 07/29/2022: A One-Shot Reparameterization Method for Reducing the Loss of Tile Pruning on DNNs
Recently, tile pruning has been widely studied to accelerate the inferen...

research, 08/16/2023: Benchmarking Adversarial Robustness of Compressed Deep Learning Models
The increasing size of Deep Neural Networks (DNNs) poses a pressing need...

research, 08/20/2020: Utilizing Explainable AI for Quantization and Pruning of Deep Neural Networks
For many applications, utilizing DNNs (Deep Neural Networks) requires th...

research, 08/19/2021: Pruning in the Face of Adversaries
The vulnerability of deep neural networks against adversarial examples -...

research, 11/03/2020: A Tunable Robust Pruning Framework Through Dynamic Network Rewiring of DNNs
This paper presents a dynamic network rewiring (DNR) method to generate ...

research, 07/07/2021: Immunization of Pruning Attack in DNN Watermarking Using Constant Weight Code
To ensure protection of the intellectual property rights of DNN models, ...
