Fault Tolerance of Neural Networks in Adversarial Settings
Vasisht Duddu, N. Rajesh Pillai, D. Vijay Rao, Valentina E. Balas

TL;DR
This paper investigates the trade-offs between fault tolerance, privacy, and adversarial robustness in deep neural networks, revealing that enhancing one aspect often compromises others, and provides theoretical bounds for differential privacy's impact on fault tolerance.
Contribution
It offers a novel analysis of the interplay between fault tolerance, privacy, and adversarial robustness in neural networks, including theoretical bounds for differential privacy effects.
Findings
Adversarial robustness and fault tolerance are at odds when training with noise.
Differential privacy enhances fault tolerance, with a theoretical upper bound on generalization error.
Trade-offs between trust pillars are crucial for balanced neural network design.
Abstract
Artificial Intelligence systems require a thorough assessment of different pillars of trust, namely, fairness, interpretability, data and model privacy, reliability (safety) and robustness against adversarial attacks. While these research problems have been extensively studied in isolation, an understanding of the trade-off between different pillars of trust is lacking. To this extent, the trade-off between fault tolerance, privacy and adversarial robustness is evaluated for the specific case of Deep Neural Networks, by considering two adversarial settings under a security and a privacy threat model. Specifically, this work studies the impact of the fault tolerance of the Neural Network on training the model by adding noise to the input (Adversarial Robustness) and noise to the gradients (Differential Privacy). While training models with noise to inputs, gradients or weights…
