UNICA IRIS Institutional Research Information System

Neural network pruning has shown to be an effective technique for reducing the network size, trading desirable properties like generalization and robustness to adversarial attacks for higher sparsity. Recent work has claimed that adversarial pruning methods can produce sparse networks while also preserving robustness to adversarial examples. In this work, we first re-evaluate three state-of-the-art adversarial pruning methods, showing that their robustness was indeed overestimated. We then compare pruned and dense versions of the same models, discovering that samples on thin ice, i.e., closer to the unpruned model’s decision boundary, are typically misclassified after pruning. We conclude by discussing how this intuition may lead to designing more effective adversarial pruning methods in future work.

Samples on Thin Ice: Re-evaluating Adversarial Pruning of Neural Networks

Giorgio Piras^Primo;Maura Pintor^Secondo;Ambra Demontis^Penultimo;Battista Biggio^Ultimo

2023-01-01

Abstract

Neural network pruning has shown to be an effective technique for reducing the network size, trading desirable properties like generalization and robustness to adversarial attacks for higher sparsity. Recent work has claimed that adversarial pruning methods can produce sparse networks while also preserving robustness to adversarial examples. In this work, we first re-evaluate three state-of-the-art adversarial pruning methods, showing that their robustness was indeed overestimated. We then compare pruned and dense versions of the same models, discovering that samples on thin ice, i.e., closer to the unpruned model’s decision boundary, are typically misclassified after pruning. We conclude by discussing how this intuition may lead to designing more effective adversarial pruning methods in future work.

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno
	
				2023
			
	Codice ISBN
	
				979-8-3503-0378-0
			
	Parole chiave
	
				Machine Learning; Adversarial Examples; Adversarial Robustness; Neural Network Pruning
			
	Tipologia:
	
				4.1 Contributo in Atti di convegno

File in questo prodotto:

File	Dimensione	Formato
2310.08073.pdf accesso aperto Tipologia: versione pre-print Dimensione 380.56 kB Formato Adobe PDF Visualizza/Apri	380.56 kB	Adobe PDF	Visualizza/Apri
Samples_on_Thin_Ice_Re-Evaluating_Adversarial_Pruning_of_Neural_Networks.pdf Solo gestori archivio Tipologia: versione editoriale (VoR) Dimensione 480.94 kB Formato Adobe PDF Visualizza/Apri Richiedi una copia	480.94 kB	Adobe PDF	Visualizza/Apri Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11584/381823

Citazioni

ND

0

ND

social impact