Stochastic-Shield: A Probabilistic Approach Towards Training-Free Adversarial Defense in Quantized CNNs

TL;DR

Stochastic-Shield introduces a probabilistic, training-free defense mechanism for quantized CNNs that enhances robustness against adversarial attacks without additional training or fine-tuning.

Contribution

It proposes a novel probabilistic framework using Monte Carlo Dropout for adversarial defense in quantized neural networks, eliminating the need for retraining.

Findings

Effective adversarial robustness achieved without retraining.

Combines input filtering with probabilistic deep learning.

Maintains efficiency in quantized models.

Abstract

Quantized neural networks (NN) are the common standard to efficiently deploy deep learning models on tiny hardware platforms. However, we notice that quantized NNs are as vulnerable to adversarial attacks as the full-precision models. With the proliferation of neural networks on small devices that we carry or surround us, there is a need for efficient models without sacrificing trust in the prediction in presence of malign perturbations. Current mitigation approaches often need adversarial training or are bypassed when the strength of adversarial examples is increased. In this work, we investigate how a probabilistic framework would assist in overcoming the aforementioned limitations for quantized deep learning models. We explore Stochastic-Shield: a flexible defense mechanism that leverages input filtering and a probabilistic deep learning approach materialized via Monte Carlo Dropout. We show that it is possible to jointly achieve efficiency and robustness by accurately enabling each module without the burden of re-retraining or ad hoc fine-tuning.