Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
80 tokens/sec
GPT-4o
59 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
7 tokens/sec
GPT-4.1 Pro
50 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Samples on Thin Ice: Re-Evaluating Adversarial Pruning of Neural Networks (2310.08073v1)

Published 12 Oct 2023 in cs.LG and cs.CV

Abstract: Neural network pruning has shown to be an effective technique for reducing the network size, trading desirable properties like generalization and robustness to adversarial attacks for higher sparsity. Recent work has claimed that adversarial pruning methods can produce sparse networks while also preserving robustness to adversarial examples. In this work, we first re-evaluate three state-of-the-art adversarial pruning methods, showing that their robustness was indeed overestimated. We then compare pruned and dense versions of the same models, discovering that samples on thin ice, i.e., closer to the unpruned model's decision boundary, are typically misclassified after pruning. We conclude by discussing how this intuition may lead to designing more effective adversarial pruning methods in future work.

PDF HTML Abstract
Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Bookmark Chat Bubble Oval Streamline Icon: https://streamlinehq.com Chat (Pro)
Definition Search Book Streamline Icon: https://streamlinehq.com
References (20)
  1. Square attack: A query-efficient black-box adversarial attack via random search. In A. Vedaldi, H. Bischof, T. Brox, and J. Frahm, editors, Computer Vision - ECCV 2020 - 16th European Conference, Glasgow, UK, August 23-28, 2020, Proceedings, Part XXIII, volume 12368 of Lecture Notes in Computer Science, pages 484–501. Springer, 2020.
  2. Evasion attacks against machine learning at test time. In ECML PKDD, Part III, volume 8190 of LNCS, pp. 387–402. Springer Berlin Heidelberg, 2013.
  3. B. Biggio and F. Roli. Wild patterns: Ten years after the rise of adversarial machine learning. Patt. Rec., 84:317–331, 2018.
  4. What is the state of neural network pruning? In I. S. Dhillon, D. S. Papailiopoulos, and V. Sze, editors, Proc. Machine Learning and Systems 2020, MLSys 2020, Austin, TX, USA, March 2-4, 2020.
  5. N. Carlini and D. A. Wagner. Towards evaluating the robustness of neural networks. In IEEE Symp. on Sec. and Privacy, pages 39–57. IEEE Computer Society, 2017.
  6. Robustbench: a standardized adversarial robustness benchmark.
  7. F. Croce and M. Hein. Minimally distorted adversarial examples with a fast adaptive boundary attack. In ICML, 2020.
  8. F. Croce and M. Hein. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In ICML, 2020.
  9. Explaining and harnessing adversarial examples. In ICLR, 2015.
  10. Model compression with adversarial robustness: A unified optimization framework. In NeurIPS 2019, December 8-14, 2019, Vancouver, BC, Canada, pages 1283–1294, 2019.
  11. What do compressed deep neural networks forget?, 2019.
  12. Optimal brain damage. In D. S. Touretzky, editor, [NIPS Conference, Denver, Colorado, USA, November 27-30, 1989], pages 598–605. Morgan Kaufmann, 1989.
  13. Lost in pruning: The effects of pruning neural networks beyond test accuracy. In A. Smola, A. Dimakis, and I. Stoica, editors, Proceedings of Machine Learning and Systems 2021, MLSys 2021, virtual, April 5-9, 2021. mlsys.org, 2021.
  14. Towards deep learning models resistant to adversarial attacks. In ICLR, 2018.
  15. Fast minimum-norm adversarial attacks through adaptive norm constraints. NeurIPS, 34, 2021.
  16. Towards compact and robust deep neural networks. arXiv, 2019.
  17. HYDRA: pruning adversarially robust neural networks. In H. Larochelle, M. Ranzato, R. Hadsell, M. Balcan, and H. Lin, editors, NeurIPS 2020, December 6-12, 2020, virtual, 2020.
  18. Pruning has a disparate impact on model accuracy. arXiv, 2022.
  19. Adversarial robustness vs. model compression, or both? In ICCV 2019, Seoul, Korea (South), October 27 - November 2, 2019, pages 111–120. IEEE, 2019.
  20. Pruning by explaining: A novel criterion for deep neural network pruning. Patt. Rec., 115:107899, 2021.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (4)
  1. Giorgio Piras (7 papers)
  2. Maura Pintor (24 papers)
  3. Ambra Demontis (34 papers)
  4. Battista Biggio (81 papers)
Citations (1)
View on Semantic Scholar