RoHNAS: A Neural Architecture Search Framework with Conjoint Optimization for Adversarial Robustness and Hardware Efficiency of Convolutional and Capsule Networks

TL;DR

RoHNAS is a neural architecture search framework that jointly optimizes adversarial robustness and hardware efficiency, including for complex DNNs like Capsule Networks, using dataset-specific perturbation analysis.

Contribution

It introduces a novel NAS framework that considers both adversarial robustness and hardware efficiency, extending to Capsule Networks and optimizing exploration time.

Findings

Achieves Pareto-optimal solutions balancing accuracy, energy, memory, and latency.

Demonstrates effectiveness on multi-GPU and HPC systems.

Provides specific metrics for a CIFAR-10 DNN with high accuracy and low energy consumption.

Abstract

Neural Architecture Search (NAS) algorithms aim at finding efficient Deep Neural Network (DNN) architectures for a given application under given system constraints. DNNs are computationally-complex as well as vulnerable to adversarial attacks. In order to address multiple design objectives, we propose RoHNAS, a novel NAS framework that jointly optimizes for adversarial-robustness and hardware-efficiency of DNNs executed on specialized hardware accelerators. Besides the traditional convolutional DNNs, RoHNAS additionally accounts for complex types of DNNs such as Capsule Networks. For reducing the exploration time, RoHNAS analyzes and selects appropriate values of adversarial perturbation for each dataset to employ in the NAS flow. Extensive evaluations on multi - Graphics Processing Unit (GPU) - High Performance Computing (HPC) nodes provide a set of Pareto-optimal solutions, leveraging the tradeoff between the above-discussed design objectives. For example, a Pareto-optimal DNN for the CIFAR-10 dataset exhibits 86.07% accuracy, while having an energy of 38.63 mJ, a memory footprint of 11.85 MiB, and a latency of 4.47 ms.