On the Adversarial Robustness of Quantized Neural Networks

TL;DR

This paper investigates how quantization, a common neural network compression technique, impacts the adversarial robustness of models, revealing that effects vary with attack strength and type.

Contribution

It provides the first systematic analysis of the relationship between quantization and adversarial robustness in neural networks.

Findings

Quantization can both improve and degrade robustness depending on attack strength.

The effect of quantization on robustness varies with the type of adversarial attack.

Quantized models show different robustness profiles compared to full-precision models.

Abstract

Reducing the size of neural network models is a critical step in moving AI from a cloud-centric to an edge-centric (i.e. on-device) compute paradigm. This shift from cloud to edge is motivated by a number of factors including reduced latency, improved security, and higher flexibility of AI algorithms across several application domains (e.g. transportation, healthcare, defense, etc.). However, it is currently unclear how model compression techniques may affect the robustness of AI algorithms against adversarial attacks. This paper explores the effect of quantization, one of the most common compression techniques, on the adversarial robustness of neural networks. Specifically, we investigate and model the accuracy of quantized neural networks on adversarially-perturbed images. Results indicate that for simple gradient-based attacks, quantization can either improve or degrade adversarial robustness depending on the attack strength.