Generalized Depthwise-Separable Convolutions for Adversarially Robust and Efficient Neural Networks

TL;DR

This paper introduces Generalized Depthwise-Separable convolutions, a post-training method that significantly boosts the throughput of CNNs on real hardware while maintaining adversarial robustness, without additional training.

Contribution

The paper proposes GDWS, a universal, post-training approximation technique for 2D convolutions that enhances efficiency and preserves robustness, with proven optimality and scalable algorithms.

Findings

GDWS improves CNN throughput on real hardware.

GDWS maintains robustness against adversarial attacks.

GDWS is scalable and operates without additional training.

Abstract

Despite their tremendous successes, convolutional neural networks (CNNs) incur high computational/storage costs and are vulnerable to adversarial perturbations. Recent works on robust model compression address these challenges by combining model compression techniques with adversarial training. But these methods are unable to improve throughput (frames-per-second) on real-life hardware while simultaneously preserving robustness to adversarial perturbations. To overcome this problem, we propose the method of Generalized Depthwise-Separable (GDWS) convolution -- an efficient, universal, post-training approximation of a standard 2D convolution. GDWS dramatically improves the throughput of a standard pre-trained network on real-life hardware while preserving its robustness. Lastly, GDWS is scalable to large problem sizes since it operates on pre-trained models and doesn't require any additional training. We establish the optimality of GDWS as a 2D convolution approximator and present exact algorithms for constructing optimal GDWS convolutions under complexity and error constraints. We demonstrate the effectiveness of GDWS via extensive experiments on CIFAR-10, SVHN, and ImageNet datasets. Our code can be found at https://github.com/hsndbk4/GDWS.