Generalized Depthwise-Separable Convolutions for Adversarially Robust and Efficient Neural Networks
This work addresses the problem of making neural networks more efficient and robust for practical deployment, though it is incremental as it builds on existing depthwise-separable convolution techniques.
The paper tackles the dual challenges of high computational cost and adversarial vulnerability in convolutional neural networks by proposing Generalized Depthwise-Separable (GDWS) convolution, a post-training approximation method that improves throughput on real hardware while preserving robustness, as demonstrated on datasets like CIFAR-10 and ImageNet.
Despite their tremendous successes, convolutional neural networks (CNNs) incur high computational/storage costs and are vulnerable to adversarial perturbations. Recent works on robust model compression address these challenges by combining model compression techniques with adversarial training. But these methods are unable to improve throughput (frames-per-second) on real-life hardware while simultaneously preserving robustness to adversarial perturbations. To overcome this problem, we propose the method of Generalized Depthwise-Separable (GDWS) convolution -- an efficient, universal, post-training approximation of a standard 2D convolution. GDWS dramatically improves the throughput of a standard pre-trained network on real-life hardware while preserving its robustness. Lastly, GDWS is scalable to large problem sizes since it operates on pre-trained models and doesn't require any additional training. We establish the optimality of GDWS as a 2D convolution approximator and present exact algorithms for constructing optimal GDWS convolutions under complexity and error constraints. We demonstrate the effectiveness of GDWS via extensive experiments on CIFAR-10, SVHN, and ImageNet datasets. Our code can be found at https://github.com/hsndbk4/GDWS.