Towards Compact and Robust Deep Neural Networks
Vikash Sehwag, Shiqi Wang, Prateek Mittal, Suman Jana

TL;DR
This paper introduces a novel pruning method for deep neural networks that maintains both high accuracy and robustness against adversarial attacks while achieving significant compression.
Contribution
It proposes a new pruning strategy that preserves both robustness and accuracy; the strategy aligns training objectives and is agnostic to the pre-training and fine-tuning goals.
Findings
Preserves 93% benign accuracy after pruning
Maintains 92.5% empirical robust accuracy
Achieves 85% verifiable robustness with 10x compression
Abstract
Deep neural networks have achieved impressive performance in many applications, but their large number of parameters leads to significant computational and storage overheads. Several recent works attempt to mitigate these overheads by designing compact networks using pruning of connections. However, we observe that most of the existing strategies to design compact networks fail to preserve network robustness against adversarial examples. In this work, we rigorously study the extension of network pruning strategies to preserve both benign accuracy and robustness of a network. Starting with a formal definition of the pruning procedure, including pre-training, weights pruning, and fine-tuning, we propose a new pruning method that can create compact networks while preserving both benign accuracy and robustness. Our method is based on two main insights: (1) we ensure that the training…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Advanced Neural Network Applications
Methods: Pruning
