Adversarial Pruning: A Survey and Benchmark of Pruning Methods for Adversarial Robustness

• URL: http://arxiv.org/abs/2409.01249v1
• Date: Mon, 2 Sep 2024 13:34:01 GMT
• Title: Adversarial Pruning: A Survey and Benchmark of Pruning Methods for Adversarial Robustness
• Authors: Giorgio Piras, Maura Pintor, Ambra Demontis, Battista Biggio, Giorgio Giacinto, Fabio Roli,
• Abstract summary: Recent work has proposed neural network pruning techniques to reduce the size of a network while preserving robustness against adversarial examples. These methods involve complex and articulated designs, making it difficult to analyze the differences and establish a fair and accurate comparison. We propose a novel taxonomy to categorize them based on two main dimensions: the pipeline, defining when to prune; and the specifics, defining how to prune.
• Score: 16.623648447423438
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Recent work has proposed neural network pruning techniques to reduce the size of a network while preserving robustness against adversarial examples, i.e., well-crafted inputs inducing a misclassification. These methods, which we refer to as adversarial pruning methods, involve complex and articulated designs, making it difficult to analyze the differences and establish a fair and accurate comparison. In this work, we overcome these issues by surveying current adversarial pruning methods and proposing a novel taxonomy to categorize them based on two main dimensions: the pipeline, defining when to prune; and the specifics, defining how to prune. We then highlight the limitations of current empirical analyses and propose a novel, fair evaluation benchmark to address them. We finally conduct an empirical re-evaluation of current adversarial pruning methods and discuss the results, highlighting the shared traits of top-performing adversarial pruning methods, as well as common issues. We welcome contributions in our publicly-available benchmark at https://github.com/pralab/AdversarialPruningBenchmark

Related papers

• Are We Wasting Time? A Fast, Accurate Performance Evaluation Framework for Knowledge Graph Link Predictors [4.31947784387967]
  In Knowledge Graphs on a larger scale, the ranking process rapidly becomes heavy. Previous approaches used random sampling of entities to assess the quality of links predicted or suggested by a method. We show that this approach has serious limitations since the ranking metrics produced do not properly reflect true outcomes. We propose a framework that uses relational recommenders to guide the selection of candidates for evaluation.
  arXiv  Detail & Related papers  (2024-01-25T15:44:46Z)
• Towards Evaluating Transfer-based Attacks Systematically, Practically, and Fairly [79.07074710460012]
  adversarial vulnerability of deep neural networks (DNNs) has drawn great attention. An increasing number of transfer-based methods have been developed to fool black-box DNN models. We establish a transfer-based attack benchmark (TA-Bench) which implements 30+ methods.
  arXiv  Detail & Related papers  (2023-11-02T15:35:58Z)
• Samples on Thin Ice: Re-Evaluating Adversarial Pruning of Neural Networks [15.55615069378845]
  Recent work has claimed that adversarial pruning methods can produce sparse networks while also preserving robustness to adversarial examples. In this work, we first re-evaluate three state-of-the-art adversarial pruning methods, showing that their robustness was indeed overestimated. We conclude by discussing how this intuition may lead to designing more effective adversarial pruning methods in future work.
  arXiv  Detail & Related papers  (2023-10-12T06:50:43Z)
• Better Understanding Differences in Attribution Methods via Systematic Evaluations [57.35035463793008]
  Post-hoc attribution methods have been proposed to identify image regions most influential to the models' decisions. We propose three novel evaluation schemes to more reliably measure the faithfulness of those methods. We use these evaluation schemes to study strengths and shortcomings of some widely used attribution methods over a wide range of models.
  arXiv  Detail & Related papers  (2023-03-21T14:24:58Z)
• ADDMU: Detection of Far-Boundary Adversarial Examples with Data and Model Uncertainty Estimation [125.52743832477404]
  Adversarial Examples Detection (AED) is a crucial defense technique against adversarial attacks. We propose a new technique, textbfADDMU, which combines two types of uncertainty estimation for both regular and FB adversarial example detection. Our new method outperforms previous methods by 3.6 and 6.0 emphAUC points under each scenario.
  arXiv  Detail & Related papers  (2022-10-22T09:11:12Z)
• Towards Better Understanding Attribution Methods [77.1487219861185]
  Post-hoc attribution methods have been proposed to identify image regions most influential to the models' decisions. We propose three novel evaluation schemes to more reliably measure the faithfulness of those methods. We also propose a post-processing smoothing step that significantly improves the performance of some attribution methods.
  arXiv  Detail & Related papers  (2022-05-20T20:50:17Z)
• Few-shot Forgery Detection via Guided Adversarial Interpolation [56.59499187594308]
  Existing forgery detection methods suffer from significant performance drops when applied to unseen novel forgery approaches. We propose Guided Adversarial Interpolation (GAI) to overcome the few-shot forgery detection problem. Our method is validated to be robust to choices of majority and minority forgery approaches.
  arXiv  Detail & Related papers  (2022-04-12T16:05:10Z)
• Time to Focus: A Comprehensive Benchmark Using Time Series Attribution Methods [4.9449660544238085]
  The paper focuses on time series analysis and benchmark several state-of-the-art attribution methods. The presented experiments involve gradient-based and perturbation-based attribution methods. The findings accentuate that choosing the best-suited attribution method is strongly correlated with the desired use case.
  arXiv  Detail & Related papers  (2022-02-08T10:06:13Z)
• FADER: Fast Adversarial Example Rejection [19.305796826768425]
  Recent defenses have been shown to improve adversarial robustness by detecting anomalous deviations from legitimate training samples at different layer representations. We introduce FADER, a novel technique for speeding up detection-based methods. Our experiments outline up to 73x prototypes reduction compared to analyzed detectors for MNIST dataset and up to 50x for CIFAR10 respectively.
  arXiv  Detail & Related papers  (2020-10-18T22:00:11Z)
• What is the State of Neural Network Pruning? [12.50128492336137]
  We provide a meta-analysis of the literature, including an overview of approaches to pruning. We find that the community suffers from a lack of standardized benchmarks and metrics. We introduce ShrinkBench, an open-source framework to facilitate standardized evaluations of pruning methods.
  arXiv  Detail & Related papers  (2020-03-06T05:06:12Z)
• Benchmarking Network Embedding Models for Link Prediction: Are We Making Progress? [84.43405961569256]
  We shed light on the state-of-the-art of network embedding methods for link prediction. We show, using a consistent evaluation pipeline, that only thin progress has been made over the last years. We argue that standardized evaluation tools can repair this situation and boost future progress in this field.
  arXiv  Detail & Related papers  (2020-02-25T16:59:09Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.