Achieving Adversarial Robustness via Sparsity

TL;DR

This paper investigates how network sparsity influences adversarial robustness, proving a theoretical link and demonstrating that sparsity can enhance robustness through experiments and a novel training method.

Contribution

It provides the first theoretical proof connecting weight sparsity with robustness and introduces a new adversarial training approach based on inverse weights inheritance.

Findings

Sparsity improves model robustness in adversarial settings.

Weights inheritance from lottery tickets enhances robustness.

The proposed inverse weights inheritance method boosts large network robustness.

Abstract

Network pruning has been known to produce compact models without much accuracy degradation. However, how the pruning process affects a network's robustness and the working mechanism behind remain unresolved. In this work, we theoretically prove that the sparsity of network weights is closely associated with model robustness. Through experiments on a variety of adversarial pruning methods, we find that weights sparsity will not hurt but improve robustness, where both weights inheritance from the lottery ticket and adversarial training improve model robustness in network pruning. Based on these findings, we propose a novel adversarial training method called inverse weights inheritance, which imposes sparse weights distribution on a large network by inheriting weights from a small network, thereby improving the robustness of the large network.