Yiwen Guo, Chao Zhang, Changshui Zhang, Yurong Chen
Published 2018-10-23Version 1
Deep neural networks (DNNs) are computationally/memory-intensive and vulnerable to adversarial attacks, making them prohibitive in some real-world applications. By converting dense models into sparse ones, pruning appears to be a promising solution to reducing the computation/memory cost. This paper studies classification models, especially DNN-based ones, to demonstrate that there exists intrinsic relationships between their sparsity and adversarial robustness. Our analyses reveal, both theoretically and empirically, that nonlinear DNN-based classifiers behave differently under $l_2$ attacks from some linear ones. We further demonstrate that an appropriately higher model sparsity implies better robustness of nonlinear DNNs, whereas over-sparsified models can be more difficult to resist adversarial examples.
Comments: To appear in NIPS2018
A Useful Taxonomy for Adversarial Robustness of Neural Networks
Bridging the Gap Between Adversarial Robustness and Optimization Bias
Biologically Inspired Mechanisms for Adversarial Robustness
![QR code for arXiv:1810.09619 [cs.LG]](http://oss.arxitics.com/images/favicon.svg)