LG, CR, CV, NE, ML | Oct 23, 2018

Sparse DNNs with Improved Adversarial Robustness

arXiv:1810.09619v2 | 167 citations
Originality: Incremental advance
AI Analysis

This addresses the challenge of deploying DNNs in real-world applications by potentially enhancing efficiency and security, though it appears incremental as it builds on existing pruning techniques.

The paper tackled the problem of deep neural networks being computationally intensive and vulnerable to adversarial attacks by investigating the relationship between model sparsity and adversarial robustness, finding that appropriately higher sparsity improves robustness in nonlinear DNNs while over-sparsification reduces it.

Deep neural networks (DNNs) are computationally/memory-intensive and vulnerable to adversarial attacks, making them prohibitive in some real-world applications. By converting dense models into sparse ones, pruning appears to be a promising solution to reducing the computation/memory cost. This paper studies classification models, especially DNN-based ones, to demonstrate that there exist intrinsic relationships between their sparsity and adversarial robustness. Our analyses reveal, both theoretically and empirically, that nonlinear DNN-based classifiers behave differently under $l_2$ attacks from some linear ones. We further demonstrate that an appropriately higher model sparsity implies better robustness of nonlinear DNNs, whereas over-sparsified models can be more difficult to resist adversarial examples.
