Model Compression with Adversarial Robustness: A Unified Optimization Framework

Abstract

Deep model compression has been extensively studied, and state-of-the-art methods can now achieve high compression ratios with minimal accuracy loss. This paper studies model compression through a different lens: could we compress models without hurting their robustness to adversarial attacks, in addition to maintaining accuracy? Previous literature suggested that the goals of robustness and compactness might sometimes conflict. We propose a novel Adversarially Trained Model Compression (ATMC) framework. ATMC constructs a unified constrained optimization formulation, where existing compression means (pruning, factorization, quantization) are all integrated into the constraints. An efficient algorithm is then developed. An extensive set of experiments is presented, demonstrating that ATMC obtains a remarkably more favorable trade-off among model size, accuracy and robustness than currently available alternatives in various settings. The code is publicly available at: https://github.com/shupenggui/ATMC.

Cite

Text

Gui et al. "Model Compression with Adversarial Robustness: A Unified Optimization Framework." Neural Information Processing Systems, 2019.

BibTeX

@inproceedings{gui2019neurips-model,
  title     = {{Model Compression with Adversarial Robustness: A Unified Optimization Framework}},
  author    = {Gui, Shupeng and Wang, Haotao and Yang, Haichuan and Yu, Chen and Wang, Zhangyang and Liu, Ji},
  booktitle = {Neural Information Processing Systems},
  year      = {2019},
  pages     = {1285-1296},
  url       = {https://mlanthology.org/neurips/2019/gui2019neurips-model/}
}