To compress or not to compress: Understanding the Interactions between Adversarial Attacks and Neural Network Compression

Zhao, Yiren; Shumailov, Ilia; Mullins, Robert; Anderson, Ross

To compress or not to compress: Understanding the Interactions between Adversarial Attacks and Neural Network Compression

Published version

Peer-reviewed

Repository URI

https://www.repository.cam.ac.uk/handle/1810/294900

Repository DOI

https://doi.org/10.17863/CAM.41988

Files

Published version (1.01 MB)

Type

Conference Object

Authors

Zhao, Yiren

Shumailov, Ilia

Mullins, Robert

https://orcid.org/0000-0002-8393-2748

Anderson, Ross

https://orcid.org/0000-0001-8697-5682

Abstract

As deep neural networks (DNNs) become widely used, pruned and quantised models are becoming ubiquitous on edge devices; such compressed DNNs are popular for lowering computational requirements.Meanwhile, recent studies show that adversarial samples can be effective at making DNNs misclassify. We, therefore, investigate the extent to which adversarial samples are transferable between uncompressed and compressed DNNs. We find that adversarial samples remain transferable for both pruned and quantised models.For pruning, the adversarial samples generated from heavily pruned models remain effective on uncompressed models. For quantisation, we find the transferability of adversarial samples is highly sensitive to integer precision.

Conference Name

The Conference on Systems and Machine Learning (SysML)

Publisher DOI

https://doi.org/10.17863/CAM.41988

Rights

Sponsorship

Partially supported with funds from Bosch-Forschungsstiftung im Stifterverband

Collections

Cambridge University Research Outputs