CSTAR: Towards Compact and Structured Deep Neural Networks with Adversarial Robustness

Authors

  • Huy Phan Rutgers University
  • Miao Yin Rutgers University
  • Yang Sui Rutgers University
  • Bo Yuan Rutgers University
  • Saman Zonouz Georgia Institute of Technology

DOI:

https://doi.org/10.1609/aaai.v37i2.25299

Keywords:

CV: Adversarial Attacks & Robustness, ML: Adversarial Learning & Robustness, ML: Matrix & Tensor Methods

Abstract

Model compression and model defense for deep neural networks (DNNs) have been extensively and individually studied. Considering the co-importance of model compactness and robustness in practical applications, several prior works have explored to improve the adversarial robustness of the sparse neural networks. However, the structured sparse models obtained by the existing works suffer severe performance degradation for both benign and robust accuracy, thereby causing a challenging dilemma between robustness and structuredness of compact DNNs. To address this problem, in this paper, we propose CSTAR, an efficient solution that simultaneously impose Compactness, high STructuredness and high Adversarial Robustness on the target DNN models. By formulating the structuredness and robustness requirement within the same framework, the compressed DNNs can simultaneously achieve high compression performance and strong adversarial robustness. Evaluations for various DNN models on different datasets demonstrate the effectiveness of CSTAR. Compared with the state-of-the-art robust structured pruning, CSTAR shows consistently better performance. For instance, when compressing ResNet-18 on CIFAR-10, CSTAR achieves up to 20.07% and 11.91% improvement for benign accuracy and robust accuracy, respectively. For compressing ResNet-18 with 16x compression ratio on Imagenet, CSTAR obtains 8.58% benign accuracy gain and 4.27% robust accuracy gain compared to the existing robust structured pruning.
AAAI-23 Proceedings Cover

Downloads

Published

2023-06-26

How to Cite

Phan, H., Yin, M., Sui, Y., Yuan, B., & Zonouz, S. (2023). CSTAR: Towards Compact and Structured Deep Neural Networks with Adversarial Robustness. Proceedings of the AAAI Conference on Artificial Intelligence, 37(2), 2065-2073. https://doi.org/10.1609/aaai.v37i2.25299

Issue

Vol. 37 No. 2: AAAI-23 Technical Tracks 2

Section

AAAI Technical Track on Computer Vision II