TL;DR
This paper investigates how quantization of neural networks affects the transferability of adversarial attacks. It finds that quantization generally reduces transferability, that some attack types can still enhance it, and that transferability metrics can estimate attack success across different quantized models.
Contribution
It systematically studies transferability of adversarial examples among quantized networks, considering various algorithms, bitwidths, and model properties, providing new insights into attack transferability in compressed models.
Findings
Quantization generally reduces transferability of adversarial attacks.
Certain attack types can increase transferability among quantized networks.
Transferability metrics can estimate attack success across different quantized models.
Abstract
Deep Neural Networks (DNNs) are known to be vulnerable to adversarial examples. Further, these adversarial examples are found to be transferable from the source network in which they are crafted to a black-box target network. As the trend of using deep learning on embedded devices grows, it becomes relevant to study the transferability properties of adversarial examples among compressed networks. In this paper, we consider quantization as a network compression technique and evaluate the performance of transfer-based attacks when the source and target networks are quantized at different bitwidths. We explore how algorithm-specific properties affect transferability by considering various adversarial example generation algorithms. Furthermore, we examine transferability in a more realistic scenario where the source and target networks may differ in bitwidth and other model-related…
