GradMDM: Adversarial Attack on Dynamic Networks
This work addresses security vulnerabilities in dynamic networks for AI practitioners, but it is incremental as it builds on existing energy-oriented attack techniques.
The paper tackles the problem of adversarial attacks on dynamic neural networks, specifically targeting their efficiency by increasing computational complexity; the result shows that GradMDM outperforms previous methods in raising computation while reducing perturbation perceptibility.
Dynamic neural networks can greatly reduce computation redundancy without compromising accuracy by adapting their structures based on the input. In this paper, we explore the robustness of dynamic neural networks against energy-oriented attacks targeted at reducing their efficiency. Specifically, we attack dynamic models with our novel algorithm GradMDM. GradMDM is a technique that adjusts the direction and the magnitude of the gradients to effectively find a small perturbation for each input, that will activate more computational units of dynamic models during inference. We evaluate GradMDM on multiple datasets and dynamic models, where it outperforms previous energy-oriented attack techniques, significantly increasing computation complexity while reducing the perceptibility of the perturbations.