Enhance DNN Adversarial Robustness and Efficiency via Injecting Noise to Non-Essential Neurons
This work addresses critical security and performance issues for industries relying on DNNs, such as healthcare and finance, but it is incremental as it builds on prior noise-based methods.
The paper tackles the dual challenges of adversarial vulnerability and computational inefficiency in Deep Neural Networks by introducing a non-uniform noise injection algorithm that targets non-essential neurons, resulting in enhanced robustness and efficiency across various attacks, models, and datasets.
Deep Neural Networks (DNNs) have revolutionized a wide range of industries, from healthcare and finance to automotive, by offering unparalleled capabilities in data analysis and decision-making. Despite their transformative impact, DNNs face two critical challenges: the vulnerability to adversarial attacks and the increasing computational costs associated with more complex and larger models. In this paper, we introduce an effective method designed to simultaneously enhance adversarial robustness and execution efficiency. Unlike prior studies that enhance robustness via uniformly injecting noise, we introduce a non-uniform noise injection algorithm, strategically applied at each DNN layer to disrupt adversarial perturbations introduced in attacks. By employing approximation techniques, our approach identifies and protects essential neurons while strategically introducing noise into non-essential neurons. Our experimental results demonstrate that our method successfully enhances both robustness and efficiency across several attack scenarios, model architectures, and datasets.
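The sketch below is an added illustration of the idea in the abstract for a single fully connected layer; it is not the paper's algorithm or code. It assumes that "essential" means the top-k neurons by approximate pre-activation magnitude, that the approximation uses only the largest-magnitude inputs, and that the noise is Gaussian; all function names, parameters and sample data are hypothetical.

```python
import random

def approx_preacts(W, x, keep):
    """Cheap estimate of every neuron's pre-activation from the `keep`
    largest-magnitude inputs only (an assumed approximation scheme)."""
    idx = sorted(range(len(x)), key=lambda i: abs(x[i]), reverse=True)[:keep]
    return [sum(row[i] * x[i] for i in idx) for row in W]

def noisy_layer(W, x, essential_frac=0.25, keep=4, sigma=0.5, seed=0):
    """Return (pre-activations, essential neuron indices) for one layer.

    Essential neurons (top-k by approximate magnitude, an assumed criterion)
    are computed exactly and left noise-free. Non-essential neurons keep the
    cheap approximation and additionally receive Gaussian noise.
    """
    rng = random.Random(seed)
    approx = approx_preacts(W, x, keep)
    k = max(1, int(len(W) * essential_frac))
    ranked = sorted(range(len(W)), key=lambda j: abs(approx[j]), reverse=True)
    essential = set(ranked[:k])
    out = []
    for j, row in enumerate(W):
        if j in essential:
            out.append(sum(w * v for w, v in zip(row, x)))   # exact, protected
        else:
            out.append(approx[j] + rng.gauss(0.0, sigma))    # cheap and noisy
    return out, essential

def make_demo(n_out=8, n_in=16, seed=1):
    """Constructed sample weights and input, not data from the paper."""
    rng = random.Random(seed)
    W = [[rng.uniform(-1, 1) for _ in range(n_in)] for _ in range(n_out)]
    x = [rng.uniform(-1, 1) for _ in range(n_in)]
    return W, x

if __name__ == "__main__":
    W, x = make_demo()
    out, essential = noisy_layer(W, x)
    exact = [sum(w * v for w, v in zip(row, x)) for row in W]
    for j, (o, e) in enumerate(zip(out, exact)):
        tag = "essential" if j in essential else "noisy"
        print(f"neuron {j}: exact={e:+.3f} out={o:+.3f} ({tag})")
```

Only the essential neurons pay for a full dot product, which is where the efficiency gain in this sketch comes from; the noise seed changes the non-essential outputs while the protected ones stay fixed.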