Adversarial Pruning: A Survey and Benchmark of Pruning Methods for Adversarial Robustness
This work addresses the problem of inconsistent evaluations in adversarial pruning for researchers, providing a benchmark to improve method comparison, but it is incremental as it synthesizes and refines existing approaches rather than introducing new methods.
The authors tackled the lack of a standardized comparison for neural network pruning methods aimed at maintaining adversarial robustness by surveying existing techniques, proposing a taxonomy, and developing a fair evaluation benchmark, resulting in an empirical re-evaluation that identifies top-performing traits and common issues.
Recent work has proposed neural network pruning techniques to reduce the size of a network while preserving robustness against adversarial examples, i.e., well-crafted inputs inducing a misclassification. These methods, which we refer to as adversarial pruning methods, involve complex and articulated designs, making it difficult to analyze the differences and establish a fair and accurate comparison. In this work, we overcome these issues by surveying current adversarial pruning methods and proposing a novel taxonomy to categorize them based on two main dimensions: the pipeline, defining when to prune; and the specifics, defining how to prune. We then highlight the limitations of current empirical analyses and propose a novel, fair evaluation benchmark to address them. We finally conduct an empirical re-evaluation of current adversarial pruning methods and discuss the results, highlighting the shared traits of top-performing adversarial pruning methods, as well as common issues. We welcome contributions in our publicly-available benchmark at https://github.com/pralab/AdversarialPruningBenchmark