On the Adversarial Robustness of Quantized Neural Networks
Reducing the size of neural network models is a critical step in moving AI from a cloud-centric to an edge-centric (i.e. on-device) compute paradigm. This shift from cloud to edge is motivated by a number of factors including reduced latency, improved security, and higher flexibility of AI algorithms across several application domains (e.g. transportation, healthcare, defense, etc.). However, it is currently unclear how model compression techniques may affect the robustness of AI algorithms against adversarial attacks. This paper explores the effect of quantization, one of the most common compression techniques, on the adversarial robustness of neural networks. Specifically, we investigate and model the accuracy of quantized neural networks on adversarially-perturbed images. Results indicate that for simple gradient-based attacks, quantization can either improve or degrade adversarial robustness depending on the attack strength.
Forward citations
Cited by 1 Pith paper
- Boundary-Aware Quantization: Finite-Scale Decision Geometry of Neural Classifiers
Quantization of neural classifiers produces measurable boundary shifts captured by Jaccard distances and flip rates that correlate between calibration and held-out sets across bit widths.