Sparse DNNs with Improved Adversarial Robustness

TL;DR

This paper investigates the relationship between sparsity and adversarial robustness in deep neural networks, revealing that higher sparsity can improve robustness up to a point, with nonlinear models behaving differently from linear ones.

Contribution

It provides both theoretical and empirical analysis showing how sparsity affects adversarial robustness in nonlinear DNN classifiers, highlighting optimal sparsity levels.

Findings

Higher sparsity generally improves robustness in nonlinear DNNs.

Over-sparsification can decrease adversarial resistance.

Nonlinear DNNs respond differently to $l_2$ attacks compared to linear models.

Abstract

Deep neural networks (DNNs) are computationally/memory-intensive and vulnerable to adversarial attacks, making them prohibitive in some real-world applications. By converting dense models into sparse ones, pruning appears to be a promising solution to reducing the computation/memory cost. This paper studies classification models, especially DNN-based ones, to demonstrate that there exists intrinsic relationships between their sparsity and adversarial robustness. Our analyses reveal, both theoretically and empirically, that nonlinear DNN-based classifiers behave differently under $l_2$ attacks from some linear ones. We further demonstrate that an appropriately higher model sparsity implies better robustness of nonlinear DNNs, whereas over-sparsified models can be more difficult to resist adversarial examples.