Sparse DNNs with Improved Adversarial Robustness

Abstract

Deep neural networks (DNNs) are computationally/memory-intensive and vulnerable to adversarial attacks, making them prohibitive in some real-world applications. By converting dense models into sparse ones, pruning appears to be a promising solution for reducing the computation/memory cost. This paper studies classification models, especially DNN-based ones, to demonstrate that there exist intrinsic relationships between their sparsity and adversarial robustness. Our analyses reveal, both theoretically and empirically, that nonlinear DNN-based classifiers behave differently under $l_2$ attacks from some linear ones. We further demonstrate that an appropriately higher model sparsity implies better robustness of nonlinear DNNs, whereas over-sparsified models can have more difficulty resisting adversarial examples.

Cite

Text

Guo et al. "Sparse DNNs with Improved Adversarial Robustness." Neural Information Processing Systems, 2018.

Markdown

[Guo et al. "Sparse DNNs with Improved Adversarial Robustness." Neural Information Processing Systems, 2018.](https://mlanthology.org/neurips/2018/guo2018neurips-sparse/)

BibTeX

@inproceedings{guo2018neurips-sparse,
  title     = {{Sparse DNNs with Improved Adversarial Robustness}},
  author    = {Guo, Yiwen and Zhang, Chao and Zhang, Changshui and Chen, Yurong},
  booktitle = {Neural Information Processing Systems},
  year      = {2018},
  pages     = {242-251},
  url       = {https://mlanthology.org/neurips/2018/guo2018neurips-sparse/}
}