Impact of Architectural Modifications on Deep Learning Adversarial Robustness

TL;DR

This paper evaluates how modifications to deep learning architectures affect their robustness against adversarial attacks, emphasizing the importance of assessing model changes for safety-critical applications.

Contribution

It provides an experimental analysis of the impact of model modifications on adversarial robustness, highlighting the need for thorough robustness assessments.

Findings

Model modifications can significantly alter robustness levels.

Certain architectural changes improve resistance to specific attacks.

Robustness varies widely depending on the type of modification.

Abstract

Rapid advancements of deep learning are accelerating adoption in a wide variety of applications, including safety-critical applications such as self-driving vehicles, drones, robots, and surveillance systems. These advancements include applying variations of sophisticated techniques that improve the performance of models. However, such models are not immune to adversarial manipulations, which can cause the system to misbehave and remain unnoticed by experts. The frequency of modifications to existing deep learning models necessitates thorough analysis to determine the impact on models' robustness. In this work, we present an experimental evaluation of the effects of model modifications on deep learning model robustness using adversarial attacks. Our methodology involves examining the robustness of variations of models against various adversarial attacks. By conducting our experiments, we aim to shed light on the critical issue of maintaining the reliability and safety of deep learning models in safety- and security-critical applications. Our results indicate the pressing demand for an in-depth assessment of the effects of model changes on the robustness of models.