Attacking Compressed Vision Transformers

TL;DR

This paper investigates how different compression techniques affect the transferability and robustness of adversarial attacks on state-of-the-art Vision Transformer models used in edge devices.

Contribution

It provides a comparative analysis of adversarial attack transferability across various compressed Vision Transformer models and compression methods.

Findings

Compression impacts adversarial transferability

Certain compression techniques increase model vulnerability

Insights into robustness of compressed models

Abstract

Vision Transformers are increasingly embedded in industrial systems due to their superior performance, but their memory and power requirements make deploying them to edge devices a challenging task. Hence, model compression techniques are now widely used to deploy models on edge devices as they decrease the resource requirements and make model inference very fast and efficient. But their reliability and robustness from a security perspective is another major issue in safety-critical applications. Adversarial attacks are like optical illusions for ML algorithms and they can severely impact the accuracy and reliability of models. In this work we investigate the transferability of adversarial samples across the SOTA Vision Transformer models across 3 SOTA compressed versions and infer the effects different compression techniques have on adversarial attacks.