SlideShare a Scribd company logo

Adversarial Neural Pruning with Latent Vulnerability Suppression

M
MLAI2

Despite the remarkable performance of deep neural networks on various computer vision tasks, they are known to be susceptible to adversarial perturbations, which makes it challenging to deploy them in real-world safety-critical applications. In this paper, we conjecture that the leading cause of adversarial vulnerability is the distortion in the latent feature space, and provide methods to suppress them effectively. Explicitly, we define vulnerability for each latent feature and then propose a new loss for adversarial learning, Vulnerability Suppression (VS) loss, that aims to minimize the feature-level vulnerability during training. We further propose a Bayesian framework to prune features with high vulnerability to reduce both vulnerability and loss on adversarial samples. We validate our Adversarial Neural Pruning with Vulnerability Suppression (ANP-VS) method on multiple benchmark datasets, on which it not only obtains state-of-the-art adversarial robustness but also improves the performance on clean examples, using only a fraction of the parameters used by the full network. Further qualitative analysis suggests that the improvements come from the suppression of feature-level vulnerability.

Technology
1 of 36
Download to read offline
Adversarial Neural Pruning with Latent Vulnerability Suppression Divyam Madaan1 , Jinwoo Shin2,3 and Sung Ju Hwang1,3,4 1 School of Computing, KAIST, Daejeon, South Korea 2 School of Electrical Engineering, KAIST, Daejeon, South Korea 3 Graduate School of AI, KAIST, Daejeon, South Korea 4 AITRICS, Seoul, South Korea
Motivation Deep neural networks are extremely brittle to adversarial perturbed inputs. Robustness and accuracy of these networks is critical for their deployment in safety and reliability critical applications. Stop Sign Left turn Speed limit Original Perturbed Predicted Classifier
Motivation Deep neural networks rely on non-robust features for generalization to test set. There exists a set of robust and non-robust features in the input space [Ilyas et al., 2019]. Dog Classifier Robust-features Non-robust features Dog Cat [Ilyas et al., 2019] Adversarial Examples are not Bugs, They are Features. NeurIPS 2019 In this work, we investigate the vulnerability of the latent-features of a network.
Adversarial Neural Pruning We found that pruning the vulnerable features in a model improves adversarial robustness as well as computational efficiency. Original Example Standard Network Mean distortion for input layer Robust feature Vulnerable feature
Adversarial Neural Pruning We found that pruning the vulnerable features in a model improves adversarial robustness as well as computational efficiency. Mean distortion for input layer Original Example Adversarial Neural Pruning Robust feature Vulnerable feature
Related Work: Robustness and Sparsity However, all these works test their hypothesis with heuristic pruning techniques. Guo et al. (2019) and Ye et al. (2018) demonstrated that higher sparsity leads to more robust model. [Ye et al., 2018] Defending DNN adversarial attacks with pruning and logits augmentation. ICLR Workshop Submission, 2018 [Wang et al., 2018] Adversarial Robustness of Pruned Neural Networks. ICLR Workshop Submission, 2018. [Guo et al., 2019] Sparse DNNs with Improved Adversarial Robustness. Neurips 2018 Robustness of VGG-like network (left) and ResNet-32 (right) with varying weight sparsity [Guo et al., 2019] Robustness evaluation of pruned networks by weight or filter pruning on MNIST dataset [Wang et al., 2018] In contrast, Wang et al. (2018) illustrated that higher sparsity decreases robustness.
Related Work: Robustness and Sparsity However, it requires a pre-trained adversarial defense model and still does not take into account the robustness of a latent-feature. Ye et al. (2019) proposed concurrent adversarial training and weight pruning to achieve robust and sparse networks. [Ye et al., 2019] Adversarial Robustness vs. Model Compression, or Both? ICCV 2019 ADMM Robustness with VGG-16 (left) and ResNet-32 (right) with varying weight sparsity on CIFAR-10 [Ye et al., 2019] Model capacity Model capacity
Vulnerability of a latent-feature Inspired by the motivation, we introduce the concept of vulnerability in the deep latent representation space. Training data classes Feature Representation:
Vulnerability of a latent-feature Deep neural networks rely on vulnerable features for generalization to test set. Adversarial data classes Adversarial examples distort the vulnerable features to cause misclassification.
Vulnerability of a latent-feature Vulnerability of a feature: Vulnerability of a feature is the difference between the clean and adversarial feature. Adversarial dataTraining data classes
Vulnerability of a layer Vulnerability of a layer: Vulnerability of a layer is the sum of vulnerabilities of all latent-features in that layer. Adversarial dataTraining data classes # of features in a layer
Vulnerability Suppression (VS) Vulnerability of a network: Vulnerability suppression loss (VS loss) minimizes the vulnerability of the network. Adversarial dataTraining data # of layers classes
Vulnerability Suppression (VS) Objective: VS loss minimizes the overall vulnerability of the network. Adversarial data classesTraining data
Adversarial Neural Pruning (ANP) ANP learns to prune the vulnerable features in a Bayesian framework to obtain a robust and sparse model. ANP uses pruning as a defense mechanism and sets the vulnerable-features to zero. Adversarial data classesTraining data
Adversarial Neural Pruning with Vulnerability Suppression ANP-VS suppresses the vulnerability of latent-features and learns a Bayesian pruning mask to prune the vulnerable features. Adversarial data classesTraining data Objective:Objective:
Adversarial Beta-Bernoulli Dropout ANP with Beta-Bernoulli Dropout [Lee et al., 2018] models the dropout probability for each channel/neuron with the sparsity inducing Beta-Bernoulli distribution. Convolution layers with n channels The activated channels/neurons are modelled according to the Bernoulli distribution. [Lee et al., 2018] Adaptive Network Sparsification via Dependent Variational Beta-Bernoulli Dropout. arXiv preprint arXiv:1805.10896
Adversarial Beta-Bernoulli Dropout ANP with Beta-Bernoulli Dropout [Lee et al., 2018] generates dropout mask from sparsity inducing Beta-Bernoulli prior. Objective: [Lee et al., 2018] Adaptive Network Sparsification via Dependent Variational Beta-Bernoulli Dropout. arXiv preprint arXiv:1805.10896 ANP is general, and can be applied to any Bayesian pruning technique.
Dataset We evaluate our model and baselines on three benchmark datasets. [Krizhevsky, 2012] Krizhevsky, A. Learning multiple layer of features from tiny images. University of Toronto 2012 [Lecun, 1998] Lecun, Y. The MNIST database of handwritten digits. MNIST [Lecun, 1998] A dataset with 60,000 gray scale images of handwritten digits with ten classes. CIFAR10 [Krizhevsky, 2012] A dataset with 60,000 images from ten animal and vehicle classes. CIFAR100 [Krizhevsky, 2012] A dataset with 60,000 images from 100 generic object classes.
Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. Standard: Base convolutional network. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53
Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. Bayesian Pruning (BP) [Lee et al., 2018]: Base network with Beta-bernoulli dropout. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Lee et al., 2018] Adaptive Network Sparsification via Dependent Variational Beta-Bernoulli Dropout. arXiv preprint arXiv:1805.10896
Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. Adversarial Training (AT) [Kurakin et al., 2016, Madry et al., 2016]: Adversarial trained network. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 AT 87.50 49.85 63.70 0.050 0.047 100.0 1.00 0.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Kurakin et al., 2016] Adversarial Machine Learning at Scale. ICLR 2016 [Madry et al., 2016] Towards deep learning models resistant to adversarial attacks. ICLR 2018
Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. AT BNN [Liu et al., 2019]: Adversarial Bayesian trained neural network. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 AT 87.50 49.85 63.70 0.050 0.047 100.0 1.00 0.00 AT BNN 86.69 51.87 64.92 0.267 0.238 200.0 0.50 0.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Liu et al., 2019] ADV-BNN: Improved Adversarial Defense Through Robust Bayesian Neural Network. ICLR 2019
Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. Pretrained AT (Pre. AT) [Hendrycks et al., 2019]: Adversarial training on a pretrained base model. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 AT 87.50 49.85 63.70 0.050 0.047 100.0 1.00 0.00 AT BNN 86.69 51.87 64.92 0.267 0.238 200.0 0.50 0.00 Pre. AT 87.50 52.25 66.10 0.041 0.036 100.0 1.00 0.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Hendrycks et al., 2019] Using Pre-Training can Improve Model Robustness and Uncertainty. ICML 2019
Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. ADMM [Ye et al., 2019]: Concurrent weight pruning and adversarial training. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 AT 87.50 49.85 63.70 0.050 0.047 100.0 1.00 0.00 AT BNN 86.69 51.87 64.92 0.267 0.238 200.0 0.50 0.00 Pre. AT 87.50 52.25 66.10 0.041 0.036 100.0 1.00 0.00 ADMM 78.15 47.37 62.15 0.034 0.030 100.0 1.00 75.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Ye et al., 2019] Adversarial Robustness vs. Model Compression, or Both? ICCV 2019
Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. TRADES [Zhang et al., 2019]: Explicit trade-off between natural and robust generalization. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 AT 87.50 49.85 63.70 0.050 0.047 100.0 1.00 0.00 AT BNN 86.69 51.87 64.92 0.267 0.238 200.0 0.50 0.00 Pre. AT 87.50 52.25 66.10 0.041 0.036 100.0 1.00 0.00 ADMM 78.15 47.37 62.15 0.034 0.030 100.0 1.00 75.00 TRADES 80.33 52.08 64.80 0.045 0.042 100.0 1.00 0.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Zhang et al., 2019] Theoretically Principled Trade-off between Robustness and Accuracy. ICML 2019
Result on CIFAR-100 dataset Our proposed ANP-VS outperforms all the baselines. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 67.44 2.81 14.94 0.143 0.119 100.0 1.00 0.00 BP 69.40 3.12 16.39 0.067 0.059 18.59 1.95 63.48 AT 57.79 19.07 32.47 0.079 0.071 100.0 1.00 0.00 AT BNN 53.75 19.40 30.38 0.446 0.385 200.0 0.50 0.00 Pre. AT 57.14 19.86 35.42 0.071 0.065 100.0 1.00 0.00 ADMM 52.52 19.65 31.30 0.060 0.056 100.0 1.00 65.00 TRADES 56.70 21.21 32.81 0.065 0.060 100.0 1.00 0.00 ANP-VS 59.15 22.35 37.01 0.035 0.030 16.74 2.02 68.80
Results Both our models outperforms the baselines. Model Clean acc. Adv. (WB) Vul. (WB) AT 87.50 49.85 0.050 AT-VS 87.44 51.52 0.024 ANP 88.36 55.63 0.022 ANP-VS 88.18 56.21 0.016 AT 57.79 19.07 0.079 AT-VS 57.74 20.06 0.061 ANP 58.47 22.20 0.037 ANP-VS 59.15 22.35 0.035 Performance of different components Mean distortion CIFAR-10CIFAR-100
Performance with higher compression ANP-VS outperforms the baselines even with higher sparsity of 80%.
Performance with higher compression ANP-VS outperforms the baselines even with higher sparsity of 80%.
Vulnerability of input-layer features Bayesian pruning zeros out some of the distortions in tha latent-features. However, it does not consider the distortion of the features while pruning. Standard Bayesian Pruning
Vulnerability of input-layer features Adversarial training reduces the distortion level of all features. However, adversarial training does not zero out the vulnerable latent-features. Standard Bayesian Pruning Adversarial Training
Vulnerability of input-layer features ANP-VS leads to reduction in latent-features distortion which results in robustness. ANP-VS has the largest number of features with zero distortion, and low distortion level in general. Standard Bayesian Pruning Adversarial Training Ours
Latent-features visualization Our proposed method leads to significant reduction in the vulnerability of latent-features. Original Standard AT Ours (0.226) (0.126) (0.083) (0.059)(0.104)(0.170) Visualization of the vulnerability of the latent-features with respect to the input pixels for various datasets.
Loss surface visualization Also, our proposed method achieves smoother loss surface. It indicates the absence of gradient obfuscation, demonstrating the effectiveness of our method. Standard Bayesian Pruning Adversarial Training Ours
Conclusion • We tackle the fundamental cause of vulnerability of deep networks by investigating the distortion of latent-features. Codes available at https://github.com/divyam3897/ANP_VS • Adversarial Neural Pruning with Vulnerability Suppression loss (ANP-VS) prunes the vulnerable features and minimizes the feature vulnerability in order to improve adversarial robustness. • Results show that our models minimizes the feature vulnerability, improves robustness with negligible memory and computational requirements. • We believe that our paper can be an essential part toward building memory-efficient robust models.
Thank you

Recommended

J1103046570
J1103046570J1103046570
J1103046570
IOSR Journals
 
Flexible PVDF thin film as piezoelectric energy harvester
Flexible PVDF thin film as piezoelectric energy harvesterFlexible PVDF thin film as piezoelectric energy harvester
Flexible PVDF thin film as piezoelectric energy harvester
journalBEEI
 
2005: A Matlab Tour on Artificial Immune Systems
2005: A Matlab Tour on Artificial Immune Systems2005: A Matlab Tour on Artificial Immune Systems
2005: A Matlab Tour on Artificial Immune Systems
Leandro de Castro
 
Iclr2020: Compression based bound for non-compressed network: unified general...
Iclr2020: Compression based bound for non-compressed network: unified general...Iclr2020: Compression based bound for non-compressed network: unified general...
Iclr2020: Compression based bound for non-compressed network: unified general...
Taiji Suzuki
 
Wcre08.ppt
Wcre08.pptWcre08.ppt
Wcre08.ppt
Yann-Gaël Guéhéneuc
 
Adaptive Convolution Neural Networks for Electrical Resistivity Inversion
Adaptive Convolution Neural Networks for Electrical Resistivity InversionAdaptive Convolution Neural Networks for Electrical Resistivity Inversion
Adaptive Convolution Neural Networks for Electrical Resistivity Inversion
DUSABEMARIYA
 
Optimal Capacitor Placement in a Radial Distribution System using Shuffled Fr...
Optimal Capacitor Placement in a Radial Distribution System using Shuffled Fr...Optimal Capacitor Placement in a Radial Distribution System using Shuffled Fr...
Optimal Capacitor Placement in a Radial Distribution System using Shuffled Fr...
IDES Editor
 
Application of support vector machines for prediction of anti hiv activity of...
Application of support vector machines for prediction of anti hiv activity of...Application of support vector machines for prediction of anti hiv activity of...
Application of support vector machines for prediction of anti hiv activity of...
Alexander Decker
 

Recommended

J1103046570
J1103046570J1103046570
J1103046570
IOSR Journals
 
Flexible PVDF thin film as piezoelectric energy harvester
Flexible PVDF thin film as piezoelectric energy harvesterFlexible PVDF thin film as piezoelectric energy harvester
Flexible PVDF thin film as piezoelectric energy harvester
journalBEEI
 
2005: A Matlab Tour on Artificial Immune Systems
2005: A Matlab Tour on Artificial Immune Systems2005: A Matlab Tour on Artificial Immune Systems
2005: A Matlab Tour on Artificial Immune Systems
Leandro de Castro
 
Iclr2020: Compression based bound for non-compressed network: unified general...
Iclr2020: Compression based bound for non-compressed network: unified general...Iclr2020: Compression based bound for non-compressed network: unified general...
Iclr2020: Compression based bound for non-compressed network: unified general...
Taiji Suzuki
 
Wcre08.ppt
Wcre08.pptWcre08.ppt
Wcre08.ppt
Yann-Gaël Guéhéneuc
 
Adaptive Convolution Neural Networks for Electrical Resistivity Inversion
Adaptive Convolution Neural Networks for Electrical Resistivity InversionAdaptive Convolution Neural Networks for Electrical Resistivity Inversion
Adaptive Convolution Neural Networks for Electrical Resistivity Inversion
DUSABEMARIYA
 
Optimal Capacitor Placement in a Radial Distribution System using Shuffled Fr...
Optimal Capacitor Placement in a Radial Distribution System using Shuffled Fr...Optimal Capacitor Placement in a Radial Distribution System using Shuffled Fr...
Optimal Capacitor Placement in a Radial Distribution System using Shuffled Fr...
IDES Editor
 
Application of support vector machines for prediction of anti hiv activity of...
Application of support vector machines for prediction of anti hiv activity of...Application of support vector machines for prediction of anti hiv activity of...
Application of support vector machines for prediction of anti hiv activity of...
Alexander Decker
 
Network Implosion: Effective Model Compression for ResNets via Static Layer P...
Network Implosion: Effective Model Compression for ResNets via Static Layer P...Network Implosion: Effective Model Compression for ResNets via Static Layer P...
Network Implosion: Effective Model Compression for ResNets via Static Layer P...
NTT Software Innovation Center
 
Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...
Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...
Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...
IJMER
 
Power System Resilience.pptx
Power System Resilience.pptxPower System Resilience.pptx
Power System Resilience.pptx
DrDillipKumarMishra
 
International Journal of Engineering Inventions (IJEI),
International Journal of Engineering Inventions (IJEI),International Journal of Engineering Inventions (IJEI),
International Journal of Engineering Inventions (IJEI),
International Journal of Engineering Inventions www.ijeijournal.com
 
Design and parametric evaluation of UWB antenna for array arrangement
Design and parametric evaluation of UWB antenna for array arrangementDesign and parametric evaluation of UWB antenna for array arrangement
Design and parametric evaluation of UWB antenna for array arrangement
journalBEEI
 
Capstone Design(2) 중간 발표
Capstone Design(2) 중간 발표Capstone Design(2) 중간 발표
Capstone Design(2) 중간 발표
Hyunwoo Kim
 
An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...
An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...
An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...
Nicole Heredia
 
Side channel power analysis resistance evaluation of masked adders on FPGA
Side channel power analysis resistance evaluation of masked adders on FPGASide channel power analysis resistance evaluation of masked adders on FPGA
Side channel power analysis resistance evaluation of masked adders on FPGA
International Journal of Reconfigurable and Embedded Systems
 
[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification
[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification
[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification
Seulki Park
 
Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...
Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...
Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...
marwaeng
 
Optimal Siting of Distributed Generators in a Distribution Network using Arti...
Optimal Siting of Distributed Generators in a Distribution Network using Arti...Optimal Siting of Distributed Generators in a Distribution Network using Arti...
Optimal Siting of Distributed Generators in a Distribution Network using Arti...
IJECEIAES
 
15 ijcse-01236
15 ijcse-0123615 ijcse-01236
15 ijcse-01236
Shivlal Mewada
 
Reliability improvement and loss reduction in radial distribution system wit...
Reliability improvement and loss reduction in radial distribution system wit...Reliability improvement and loss reduction in radial distribution system wit...
Reliability improvement and loss reduction in radial distribution system wit...
IJECEIAES
 
Performance comparison of distributed generation installation arrangement in ...
Performance comparison of distributed generation installation arrangement in ...Performance comparison of distributed generation installation arrangement in ...
Performance comparison of distributed generation installation arrangement in ...
journalBEEI
 
Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...
Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...
Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...
inventy
 
Optimum reactive power compensation for distribution system using dolphin alg...
Optimum reactive power compensation for distribution system using dolphin alg...Optimum reactive power compensation for distribution system using dolphin alg...
Optimum reactive power compensation for distribution system using dolphin alg...
IJECEIAES
 
Machine Learning Algorithms for Image Classification of Hand Digits and Face ...
Machine Learning Algorithms for Image Classification of Hand Digits and Face ...Machine Learning Algorithms for Image Classification of Hand Digits and Face ...
Machine Learning Algorithms for Image Classification of Hand Digits and Face ...
IRJET Journal
 
AN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORK
AN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORKAN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORK
AN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORK
ijwmn
 
AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...
AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...
AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...
IAEME Publication
 
Distance based cluster head section in sensor networks for efficient energy u...
Distance based cluster head section in sensor networks for efficient energy u...Distance based cluster head section in sensor networks for efficient energy u...
Distance based cluster head section in sensor networks for efficient energy u...
IAEME Publication
 
Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...
Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...
Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...
MLAI2
 
Online Hyperparameter Meta-Learning with Hypergradient Distillation
Online Hyperparameter Meta-Learning with Hypergradient DistillationOnline Hyperparameter Meta-Learning with Hypergradient Distillation
Online Hyperparameter Meta-Learning with Hypergradient Distillation
MLAI2
 

More Related Content

Similar to Adversarial Neural Pruning with Latent Vulnerability Suppression

Network Implosion: Effective Model Compression for ResNets via Static Layer P...
Network Implosion: Effective Model Compression for ResNets via Static Layer P...Network Implosion: Effective Model Compression for ResNets via Static Layer P...
Network Implosion: Effective Model Compression for ResNets via Static Layer P...
NTT Software Innovation Center
 
Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...
Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...
Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...
IJMER
 
Power System Resilience.pptx
Power System Resilience.pptxPower System Resilience.pptx
Power System Resilience.pptx
DrDillipKumarMishra
 
International Journal of Engineering Inventions (IJEI),
International Journal of Engineering Inventions (IJEI),International Journal of Engineering Inventions (IJEI),
International Journal of Engineering Inventions (IJEI),
International Journal of Engineering Inventions www.ijeijournal.com
 
Design and parametric evaluation of UWB antenna for array arrangement
Design and parametric evaluation of UWB antenna for array arrangementDesign and parametric evaluation of UWB antenna for array arrangement
Design and parametric evaluation of UWB antenna for array arrangement
journalBEEI
 
Capstone Design(2) 중간 발표
Capstone Design(2) 중간 발표Capstone Design(2) 중간 발표
Capstone Design(2) 중간 발표
Hyunwoo Kim
 
An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...
An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...
An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...
Nicole Heredia
 
Side channel power analysis resistance evaluation of masked adders on FPGA
Side channel power analysis resistance evaluation of masked adders on FPGASide channel power analysis resistance evaluation of masked adders on FPGA
Side channel power analysis resistance evaluation of masked adders on FPGA
International Journal of Reconfigurable and Embedded Systems
 
[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification
[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification
[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification
Seulki Park
 
Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...
Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...
Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...
marwaeng
 
Optimal Siting of Distributed Generators in a Distribution Network using Arti...
Optimal Siting of Distributed Generators in a Distribution Network using Arti...Optimal Siting of Distributed Generators in a Distribution Network using Arti...
Optimal Siting of Distributed Generators in a Distribution Network using Arti...
IJECEIAES
 
15 ijcse-01236
15 ijcse-0123615 ijcse-01236
15 ijcse-01236
Shivlal Mewada
 
Reliability improvement and loss reduction in radial distribution system wit...
Reliability improvement and loss reduction in radial distribution system wit...Reliability improvement and loss reduction in radial distribution system wit...
Reliability improvement and loss reduction in radial distribution system wit...
IJECEIAES
 
Performance comparison of distributed generation installation arrangement in ...
Performance comparison of distributed generation installation arrangement in ...Performance comparison of distributed generation installation arrangement in ...
Performance comparison of distributed generation installation arrangement in ...
journalBEEI
 
Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...
Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...
Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...
inventy
 
Optimum reactive power compensation for distribution system using dolphin alg...
Optimum reactive power compensation for distribution system using dolphin alg...Optimum reactive power compensation for distribution system using dolphin alg...
Optimum reactive power compensation for distribution system using dolphin alg...
IJECEIAES
 
Machine Learning Algorithms for Image Classification of Hand Digits and Face ...
Machine Learning Algorithms for Image Classification of Hand Digits and Face ...Machine Learning Algorithms for Image Classification of Hand Digits and Face ...
Machine Learning Algorithms for Image Classification of Hand Digits and Face ...
IRJET Journal
 
AN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORK
AN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORKAN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORK
AN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORK
ijwmn
 
AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...
AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...
AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...
IAEME Publication
 
Distance based cluster head section in sensor networks for efficient energy u...
Distance based cluster head section in sensor networks for efficient energy u...Distance based cluster head section in sensor networks for efficient energy u...
Distance based cluster head section in sensor networks for efficient energy u...
IAEME Publication
 

Similar to Adversarial Neural Pruning with Latent Vulnerability Suppression (20)

Network Implosion: Effective Model Compression for ResNets via Static Layer P...
Network Implosion: Effective Model Compression for ResNets via Static Layer P...Network Implosion: Effective Model Compression for ResNets via Static Layer P...
Network Implosion: Effective Model Compression for ResNets via Static Layer P...
 
Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...
Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...
Real Power Loss Reduction in Distribution Systems Using Ant Colony Optimizati...
 
Power System Resilience.pptx
Power System Resilience.pptxPower System Resilience.pptx
Power System Resilience.pptx
 
International Journal of Engineering Inventions (IJEI),
International Journal of Engineering Inventions (IJEI),International Journal of Engineering Inventions (IJEI),
International Journal of Engineering Inventions (IJEI),
 
Design and parametric evaluation of UWB antenna for array arrangement
Design and parametric evaluation of UWB antenna for array arrangementDesign and parametric evaluation of UWB antenna for array arrangement
Design and parametric evaluation of UWB antenna for array arrangement
 
Capstone Design(2) 중간 발표
Capstone Design(2) 중간 발표Capstone Design(2) 중간 발표
Capstone Design(2) 중간 발표
 
An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...
An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...
An Adaptive Recurrent Neural-Network Controller Using A Stabilization Matrix ...
 
Side channel power analysis resistance evaluation of masked adders on FPGA
Side channel power analysis resistance evaluation of masked adders on FPGASide channel power analysis resistance evaluation of masked adders on FPGA
Side channel power analysis resistance evaluation of masked adders on FPGA
 
[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification
[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification
[ICCV 21] Influence-Balanced Loss for Imbalanced Visual Classification
 
Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...
Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...
Coverage performance analysis of genetic ALOGRATHIM controlled smart antenna ...
 
Optimal Siting of Distributed Generators in a Distribution Network using Arti...
Optimal Siting of Distributed Generators in a Distribution Network using Arti...Optimal Siting of Distributed Generators in a Distribution Network using Arti...
Optimal Siting of Distributed Generators in a Distribution Network using Arti...
 
15 ijcse-01236
15 ijcse-0123615 ijcse-01236
15 ijcse-01236
 
Reliability improvement and loss reduction in radial distribution system wit...
Reliability improvement and loss reduction in radial distribution system wit...Reliability improvement and loss reduction in radial distribution system wit...
Reliability improvement and loss reduction in radial distribution system wit...
 
Performance comparison of distributed generation installation arrangement in ...
Performance comparison of distributed generation installation arrangement in ...Performance comparison of distributed generation installation arrangement in ...
Performance comparison of distributed generation installation arrangement in ...
 
Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...
Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...
Optimal Siting And Sizing Of Distributed Generation For Radial Distribution S...
 
Optimum reactive power compensation for distribution system using dolphin alg...
Optimum reactive power compensation for distribution system using dolphin alg...Optimum reactive power compensation for distribution system using dolphin alg...
Optimum reactive power compensation for distribution system using dolphin alg...
 
Machine Learning Algorithms for Image Classification of Hand Digits and Face ...
Machine Learning Algorithms for Image Classification of Hand Digits and Face ...Machine Learning Algorithms for Image Classification of Hand Digits and Face ...
Machine Learning Algorithms for Image Classification of Hand Digits and Face ...
 
AN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORK
AN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORKAN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORK
AN ENHANCED HYBRID ROUTING AND CLUSTERING TECHNIQUE FOR WIRELESS SENSOR NETWORK
 
AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...
AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...
AN IMPROVED METHOD FOR IDENTIFYING WELL-TEST INTERPRETATION MODEL BASED ON AG...
 
Distance based cluster head section in sensor networks for efficient energy u...
Distance based cluster head section in sensor networks for efficient energy u...Distance based cluster head section in sensor networks for efficient energy u...
Distance based cluster head section in sensor networks for efficient energy u...
 

More from MLAI2

Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...
Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...
Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...
MLAI2
 
Online Hyperparameter Meta-Learning with Hypergradient Distillation
Online Hyperparameter Meta-Learning with Hypergradient DistillationOnline Hyperparameter Meta-Learning with Hypergradient Distillation
Online Hyperparameter Meta-Learning with Hypergradient Distillation
MLAI2
 
Online Coreset Selection for Rehearsal-based Continual Learning
Online Coreset Selection for Rehearsal-based Continual LearningOnline Coreset Selection for Rehearsal-based Continual Learning
Online Coreset Selection for Rehearsal-based Continual Learning
MLAI2
 
Representational Continuity for Unsupervised Continual Learning
Representational Continuity for Unsupervised Continual LearningRepresentational Continuity for Unsupervised Continual Learning
Representational Continuity for Unsupervised Continual Learning
MLAI2
 
Sequential Reptile_Inter-Task Gradient Alignment for Multilingual Learning
Sequential Reptile_Inter-Task Gradient Alignment for Multilingual LearningSequential Reptile_Inter-Task Gradient Alignment for Multilingual Learning
Sequential Reptile_Inter-Task Gradient Alignment for Multilingual Learning
MLAI2
 
Skill-Based Meta-Reinforcement Learning
Skill-Based Meta-Reinforcement LearningSkill-Based Meta-Reinforcement Learning
Skill-Based Meta-Reinforcement Learning
MLAI2
 
Edge Representation Learning with Hypergraphs
Edge Representation Learning with HypergraphsEdge Representation Learning with Hypergraphs
Edge Representation Learning with Hypergraphs
MLAI2
 
Hit and Lead Discovery with Explorative RL and Fragment-based Molecule Genera...
Hit and Lead Discovery with Explorative RL and Fragment-based Molecule Genera...Hit and Lead Discovery with Explorative RL and Fragment-based Molecule Genera...
Hit and Lead Discovery with Explorative RL and Fragment-based Molecule Genera...
MLAI2
 
Mini-Batch Consistent Slot Set Encoder For Scalable Set Encoding
Mini-Batch Consistent Slot Set Encoder For Scalable Set EncodingMini-Batch Consistent Slot Set Encoder For Scalable Set Encoding
Mini-Batch Consistent Slot Set Encoder For Scalable Set Encoding
MLAI2
 
Task Adaptive Neural Network Search with Meta-Contrastive Learning
Task Adaptive Neural Network Search with Meta-Contrastive LearningTask Adaptive Neural Network Search with Meta-Contrastive Learning
Task Adaptive Neural Network Search with Meta-Contrastive Learning
MLAI2
 
Federated Semi-Supervised Learning with Inter-Client Consistency & Disjoint L...
Federated Semi-Supervised Learning with Inter-Client Consistency & Disjoint L...Federated Semi-Supervised Learning with Inter-Client Consistency & Disjoint L...
Federated Semi-Supervised Learning with Inter-Client Consistency & Disjoint L...
MLAI2
 
Meta-GMVAE: Mixture of Gaussian VAE for Unsupervised Meta-Learning
Meta-GMVAE: Mixture of Gaussian VAE for Unsupervised Meta-LearningMeta-GMVAE: Mixture of Gaussian VAE for Unsupervised Meta-Learning
Meta-GMVAE: Mixture of Gaussian VAE for Unsupervised Meta-Learning
MLAI2
 
Accurate Learning of Graph Representations with Graph Multiset Pooling
Accurate Learning of Graph Representations with Graph Multiset PoolingAccurate Learning of Graph Representations with Graph Multiset Pooling
Accurate Learning of Graph Representations with Graph Multiset Pooling
MLAI2
 
Contrastive Learning with Adversarial Perturbations for Conditional Text Gene...
Contrastive Learning with Adversarial Perturbations for Conditional Text Gene...Contrastive Learning with Adversarial Perturbations for Conditional Text Gene...
Contrastive Learning with Adversarial Perturbations for Conditional Text Gene...
MLAI2
 
Clinical Risk Prediction with Temporal Probabilistic Asymmetric Multi-Task Le...
Clinical Risk Prediction with Temporal Probabilistic Asymmetric Multi-Task Le...Clinical Risk Prediction with Temporal Probabilistic Asymmetric Multi-Task Le...
Clinical Risk Prediction with Temporal Probabilistic Asymmetric Multi-Task Le...
MLAI2
 
MetaPerturb: Transferable Regularizer for Heterogeneous Tasks and Architectures
MetaPerturb: Transferable Regularizer for Heterogeneous Tasks and ArchitecturesMetaPerturb: Transferable Regularizer for Heterogeneous Tasks and Architectures
MetaPerturb: Transferable Regularizer for Heterogeneous Tasks and Architectures
MLAI2
 
Adversarial Self-Supervised Contrastive Learning
Adversarial Self-Supervised Contrastive LearningAdversarial Self-Supervised Contrastive Learning
Adversarial Self-Supervised Contrastive Learning
MLAI2
 
Learning to Extrapolate Knowledge: Transductive Few-shot Out-of-Graph Link Pr...
Learning to Extrapolate Knowledge: Transductive Few-shot Out-of-Graph Link Pr...Learning to Extrapolate Knowledge: Transductive Few-shot Out-of-Graph Link Pr...
Learning to Extrapolate Knowledge: Transductive Few-shot Out-of-Graph Link Pr...
MLAI2
 
Neural Mask Generator : Learning to Generate Adaptive Word Maskings for Langu...
Neural Mask Generator : Learning to Generate Adaptive Word Maskings for Langu...Neural Mask Generator : Learning to Generate Adaptive Word Maskings for Langu...
Neural Mask Generator : Learning to Generate Adaptive Word Maskings for Langu...
MLAI2
 
Cost-effective Interactive Attention Learning with Neural Attention Process
Cost-effective Interactive Attention Learning with Neural Attention ProcessCost-effective Interactive Attention Learning with Neural Attention Process
Cost-effective Interactive Attention Learning with Neural Attention Process
MLAI2
 

More from MLAI2 (20)

Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...
Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...
Meta Learning Low Rank Covariance Factors for Energy-Based Deterministic Unce...
 
Online Hyperparameter Meta-Learning with Hypergradient Distillation
Online Hyperparameter Meta-Learning with Hypergradient DistillationOnline Hyperparameter Meta-Learning with Hypergradient Distillation
Online Hyperparameter Meta-Learning with Hypergradient Distillation
 
Online Coreset Selection for Rehearsal-based Continual Learning
Online Coreset Selection for Rehearsal-based Continual LearningOnline Coreset Selection for Rehearsal-based Continual Learning
Online Coreset Selection for Rehearsal-based Continual Learning
 
Representational Continuity for Unsupervised Continual Learning
Representational Continuity for Unsupervised Continual LearningRepresentational Continuity for Unsupervised Continual Learning
Representational Continuity for Unsupervised Continual Learning
 
Sequential Reptile_Inter-Task Gradient Alignment for Multilingual Learning
Sequential Reptile_Inter-Task Gradient Alignment for Multilingual LearningSequential Reptile_Inter-Task Gradient Alignment for Multilingual Learning
Sequential Reptile_Inter-Task Gradient Alignment for Multilingual Learning
 
Skill-Based Meta-Reinforcement Learning
Skill-Based Meta-Reinforcement LearningSkill-Based Meta-Reinforcement Learning
Skill-Based Meta-Reinforcement Learning
 
Edge Representation Learning with Hypergraphs
Edge Representation Learning with HypergraphsEdge Representation Learning with Hypergraphs
Edge Representation Learning with Hypergraphs
 
Hit and Lead Discovery with Explorative RL and Fragment-based Molecule Genera...
Hit and Lead Discovery with Explorative RL and Fragment-based Molecule Genera...Hit and Lead Discovery with Explorative RL and Fragment-based Molecule Genera...
Hit and Lead Discovery with Explorative RL and Fragment-based Molecule Genera...
 
Mini-Batch Consistent Slot Set Encoder For Scalable Set Encoding
Mini-Batch Consistent Slot Set Encoder For Scalable Set EncodingMini-Batch Consistent Slot Set Encoder For Scalable Set Encoding
Mini-Batch Consistent Slot Set Encoder For Scalable Set Encoding
 
Task Adaptive Neural Network Search with Meta-Contrastive Learning
Task Adaptive Neural Network Search with Meta-Contrastive LearningTask Adaptive Neural Network Search with Meta-Contrastive Learning
Task Adaptive Neural Network Search with Meta-Contrastive Learning
 
Federated Semi-Supervised Learning with Inter-Client Consistency & Disjoint L...
Federated Semi-Supervised Learning with Inter-Client Consistency & Disjoint L...Federated Semi-Supervised Learning with Inter-Client Consistency & Disjoint L...
Federated Semi-Supervised Learning with Inter-Client Consistency & Disjoint L...
 
Meta-GMVAE: Mixture of Gaussian VAE for Unsupervised Meta-Learning
Meta-GMVAE: Mixture of Gaussian VAE for Unsupervised Meta-LearningMeta-GMVAE: Mixture of Gaussian VAE for Unsupervised Meta-Learning
Meta-GMVAE: Mixture of Gaussian VAE for Unsupervised Meta-Learning
 
Accurate Learning of Graph Representations with Graph Multiset Pooling
Accurate Learning of Graph Representations with Graph Multiset PoolingAccurate Learning of Graph Representations with Graph Multiset Pooling
Accurate Learning of Graph Representations with Graph Multiset Pooling
 
Contrastive Learning with Adversarial Perturbations for Conditional Text Gene...
Contrastive Learning with Adversarial Perturbations for Conditional Text Gene...Contrastive Learning with Adversarial Perturbations for Conditional Text Gene...
Contrastive Learning with Adversarial Perturbations for Conditional Text Gene...
 
Clinical Risk Prediction with Temporal Probabilistic Asymmetric Multi-Task Le...
Clinical Risk Prediction with Temporal Probabilistic Asymmetric Multi-Task Le...Clinical Risk Prediction with Temporal Probabilistic Asymmetric Multi-Task Le...
Clinical Risk Prediction with Temporal Probabilistic Asymmetric Multi-Task Le...
 
MetaPerturb: Transferable Regularizer for Heterogeneous Tasks and Architectures
MetaPerturb: Transferable Regularizer for Heterogeneous Tasks and ArchitecturesMetaPerturb: Transferable Regularizer for Heterogeneous Tasks and Architectures
MetaPerturb: Transferable Regularizer for Heterogeneous Tasks and Architectures
 
Adversarial Self-Supervised Contrastive Learning
Adversarial Self-Supervised Contrastive LearningAdversarial Self-Supervised Contrastive Learning
Adversarial Self-Supervised Contrastive Learning
 
Learning to Extrapolate Knowledge: Transductive Few-shot Out-of-Graph Link Pr...
Learning to Extrapolate Knowledge: Transductive Few-shot Out-of-Graph Link Pr...Learning to Extrapolate Knowledge: Transductive Few-shot Out-of-Graph Link Pr...
Learning to Extrapolate Knowledge: Transductive Few-shot Out-of-Graph Link Pr...
 
Neural Mask Generator : Learning to Generate Adaptive Word Maskings for Langu...
Neural Mask Generator : Learning to Generate Adaptive Word Maskings for Langu...Neural Mask Generator : Learning to Generate Adaptive Word Maskings for Langu...
Neural Mask Generator : Learning to Generate Adaptive Word Maskings for Langu...
 
Cost-effective Interactive Attention Learning with Neural Attention Process
Cost-effective Interactive Attention Learning with Neural Attention ProcessCost-effective Interactive Attention Learning with Neural Attention Process
Cost-effective Interactive Attention Learning with Neural Attention Process
 

Recently uploaded

LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE RolesWhat is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Vadym Kazulkin
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
ScyllaDB
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 

Recently uploaded (20)

LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE RolesWhat is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 

Adversarial Neural Pruning with Latent Vulnerability Suppression

  • 1. Adversarial Neural Pruning with Latent Vulnerability Suppression Divyam Madaan1 , Jinwoo Shin2,3 and Sung Ju Hwang1,3,4 1 School of Computing, KAIST, Daejeon, South Korea 2 School of Electrical Engineering, KAIST, Daejeon, South Korea 3 Graduate School of AI, KAIST, Daejeon, South Korea 4 AITRICS, Seoul, South Korea
  • 2. Motivation Deep neural networks are extremely brittle to adversarial perturbed inputs. Robustness and accuracy of these networks is critical for their deployment in safety and reliability critical applications. Stop Sign Left turn Speed limit Original Perturbed Predicted Classifier
  • 3. Motivation Deep neural networks rely on non-robust features for generalization to test set. There exists a set of robust and non-robust features in the input space [Ilyas et al., 2019]. Dog Classifier Robust-features Non-robust features Dog Cat [Ilyas et al., 2019] Adversarial Examples are not Bugs, They are Features. NeurIPS 2019 In this work, we investigate the vulnerability of the latent-features of a network.
  • 4. Adversarial Neural Pruning We found that pruning the vulnerable features in a model improves adversarial robustness as well as computational efficiency. Original Example Standard Network Mean distortion for input layer Robust feature Vulnerable feature
  • 5. Adversarial Neural Pruning We found that pruning the vulnerable features in a model improves adversarial robustness as well as computational efficiency. Mean distortion for input layer Original Example Adversarial Neural Pruning Robust feature Vulnerable feature
  • 6. Related Work: Robustness and Sparsity However, all these works test their hypothesis with heuristic pruning techniques. Guo et al. (2019) and Ye et al. (2018) demonstrated that higher sparsity leads to more robust model. [Ye et al., 2018] Defending DNN adversarial attacks with pruning and logits augmentation. ICLR Workshop Submission, 2018 [Wang et al., 2018] Adversarial Robustness of Pruned Neural Networks. ICLR Workshop Submission, 2018. [Guo et al., 2019] Sparse DNNs with Improved Adversarial Robustness. Neurips 2018 Robustness of VGG-like network (left) and ResNet-32 (right) with varying weight sparsity [Guo et al., 2019] Robustness evaluation of pruned networks by weight or filter pruning on MNIST dataset [Wang et al., 2018] In contrast, Wang et al. (2018) illustrated that higher sparsity decreases robustness.
  • 7. Related Work: Robustness and Sparsity However, it requires a pre-trained adversarial defense model and still does not take into account the robustness of a latent-feature. Ye et al. (2019) proposed concurrent adversarial training and weight pruning to achieve robust and sparse networks. [Ye et al., 2019] Adversarial Robustness vs. Model Compression, or Both? ICCV 2019 ADMM Robustness with VGG-16 (left) and ResNet-32 (right) with varying weight sparsity on CIFAR-10 [Ye et al., 2019] Model capacity Model capacity
  • 8. Vulnerability of a latent-feature Inspired by the motivation, we introduce the concept of vulnerability in the deep latent representation space. Training data classes Feature Representation:
  • 9. Vulnerability of a latent-feature Deep neural networks rely on vulnerable features for generalization to test set. Adversarial data classes Adversarial examples distort the vulnerable features to cause misclassification.
  • 10. Vulnerability of a latent-feature Vulnerability of a feature: Vulnerability of a feature is the difference between the clean and adversarial feature. Adversarial dataTraining data classes
  • 11. Vulnerability of a layer Vulnerability of a layer: Vulnerability of a layer is the sum of vulnerabilities of all latent-features in that layer. Adversarial dataTraining data classes # of features in a layer
  • 12. Vulnerability Suppression (VS) Vulnerability of a network: Vulnerability suppression loss (VS loss) minimizes the vulnerability of the network. Adversarial dataTraining data # of layers classes
  • 13. Vulnerability Suppression (VS) Objective: VS loss minimizes the overall vulnerability of the network. Adversarial data classesTraining data
  • 14. Adversarial Neural Pruning (ANP) ANP learns to prune the vulnerable features in a Bayesian framework to obtain a robust and sparse model. ANP uses pruning as a defense mechanism and sets the vulnerable-features to zero. Adversarial data classesTraining data
  • 15. Adversarial Neural Pruning with Vulnerability Suppression ANP-VS suppresses the vulnerability of latent-features and learns a Bayesian pruning mask to prune the vulnerable features. Adversarial data classesTraining data Objective:Objective:
  • 16. Adversarial Beta-Bernoulli Dropout ANP with Beta-Bernoulli Dropout [Lee et al., 2018] models the dropout probability for each channel/neuron with the sparsity inducing Beta-Bernoulli distribution. Convolution layers with n channels The activated channels/neurons are modelled according to the Bernoulli distribution. [Lee et al., 2018] Adaptive Network Sparsification via Dependent Variational Beta-Bernoulli Dropout. arXiv preprint arXiv:1805.10896
  • 17. Adversarial Beta-Bernoulli Dropout ANP with Beta-Bernoulli Dropout [Lee et al., 2018] generates dropout mask from sparsity inducing Beta-Bernoulli prior. Objective: [Lee et al., 2018] Adaptive Network Sparsification via Dependent Variational Beta-Bernoulli Dropout. arXiv preprint arXiv:1805.10896 ANP is general, and can be applied to any Bayesian pruning technique.
  • 18. Dataset We evaluate our model and baselines on three benchmark datasets. [Krizhevsky, 2012] Krizhevsky, A. Learning multiple layer of features from tiny images. University of Toronto 2012 [Lecun, 1998] Lecun, Y. The MNIST database of handwritten digits. MNIST [Lecun, 1998] A dataset with 60,000 gray scale images of handwritten digits with ten classes. CIFAR10 [Krizhevsky, 2012] A dataset with 60,000 images from ten animal and vehicle classes. CIFAR100 [Krizhevsky, 2012] A dataset with 60,000 images from 100 generic object classes.
  • 19. Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. Standard: Base convolutional network. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53
  • 20. Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. Bayesian Pruning (BP) [Lee et al., 2018]: Base network with Beta-bernoulli dropout. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Lee et al., 2018] Adaptive Network Sparsification via Dependent Variational Beta-Bernoulli Dropout. arXiv preprint arXiv:1805.10896
  • 21. Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. Adversarial Training (AT) [Kurakin et al., 2016, Madry et al., 2016]: Adversarial trained network. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 AT 87.50 49.85 63.70 0.050 0.047 100.0 1.00 0.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Kurakin et al., 2016] Adversarial Machine Learning at Scale. ICLR 2016 [Madry et al., 2016] Towards deep learning models resistant to adversarial attacks. ICLR 2018
  • 22. Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. AT BNN [Liu et al., 2019]: Adversarial Bayesian trained neural network. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 AT 87.50 49.85 63.70 0.050 0.047 100.0 1.00 0.00 AT BNN 86.69 51.87 64.92 0.267 0.238 200.0 0.50 0.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Liu et al., 2019] ADV-BNN: Improved Adversarial Defense Through Robust Bayesian Neural Network. ICLR 2019
  • 23. Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. Pretrained AT (Pre. AT) [Hendrycks et al., 2019]: Adversarial training on a pretrained base model. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 AT 87.50 49.85 63.70 0.050 0.047 100.0 1.00 0.00 AT BNN 86.69 51.87 64.92 0.267 0.238 200.0 0.50 0.00 Pre. AT 87.50 52.25 66.10 0.041 0.036 100.0 1.00 0.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Hendrycks et al., 2019] Using Pre-Training can Improve Model Robustness and Uncertainty. ICML 2019
  • 24. Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. ADMM [Ye et al., 2019]: Concurrent weight pruning and adversarial training. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 AT 87.50 49.85 63.70 0.050 0.047 100.0 1.00 0.00 AT BNN 86.69 51.87 64.92 0.267 0.238 200.0 0.50 0.00 Pre. AT 87.50 52.25 66.10 0.041 0.036 100.0 1.00 0.00 ADMM 78.15 47.37 62.15 0.034 0.030 100.0 1.00 75.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Ye et al., 2019] Adversarial Robustness vs. Model Compression, or Both? ICCV 2019
  • 25. Result on CIFAR-10 dataset Our proposed ANP-VS outperforms all the baselines. TRADES [Zhang et al., 2019]: Explicit trade-off between natural and robust generalization. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 92.76 13.79 41.65 0.077 0.065 100.0 1.00 0.00 BP 92.91 14.30 42.88 0.037 0.033 12.41 2.34 75.92 AT 87.50 49.85 63.70 0.050 0.047 100.0 1.00 0.00 AT BNN 86.69 51.87 64.92 0.267 0.238 200.0 0.50 0.00 Pre. AT 87.50 52.25 66.10 0.041 0.036 100.0 1.00 0.00 ADMM 78.15 47.37 62.15 0.034 0.030 100.0 1.00 75.00 TRADES 80.33 52.08 64.80 0.045 0.042 100.0 1.00 0.00 ANP-VS 88.18 56.21 71.44 0.019 0.016 12.27 2.41 76.53 [Zhang et al., 2019] Theoretically Principled Trade-off between Robustness and Accuracy. ICML 2019
  • 26. Result on CIFAR-100 dataset Our proposed ANP-VS outperforms all the baselines. Model Clean acc. Adv. (WB) Adv. (BB) Vul. (WB) Vul. (BB) Memory xFLOPS Sparsity Standard 67.44 2.81 14.94 0.143 0.119 100.0 1.00 0.00 BP 69.40 3.12 16.39 0.067 0.059 18.59 1.95 63.48 AT 57.79 19.07 32.47 0.079 0.071 100.0 1.00 0.00 AT BNN 53.75 19.40 30.38 0.446 0.385 200.0 0.50 0.00 Pre. AT 57.14 19.86 35.42 0.071 0.065 100.0 1.00 0.00 ADMM 52.52 19.65 31.30 0.060 0.056 100.0 1.00 65.00 TRADES 56.70 21.21 32.81 0.065 0.060 100.0 1.00 0.00 ANP-VS 59.15 22.35 37.01 0.035 0.030 16.74 2.02 68.80
  • 27. Results Both our models outperforms the baselines. Model Clean acc. Adv. (WB) Vul. (WB) AT 87.50 49.85 0.050 AT-VS 87.44 51.52 0.024 ANP 88.36 55.63 0.022 ANP-VS 88.18 56.21 0.016 AT 57.79 19.07 0.079 AT-VS 57.74 20.06 0.061 ANP 58.47 22.20 0.037 ANP-VS 59.15 22.35 0.035 Performance of different components Mean distortion CIFAR-10CIFAR-100
  • 28. Performance with higher compression ANP-VS outperforms the baselines even with higher sparsity of 80%.
  • 29. Performance with higher compression ANP-VS outperforms the baselines even with higher sparsity of 80%.
  • 30. Vulnerability of input-layer features Bayesian pruning zeros out some of the distortions in tha latent-features. However, it does not consider the distortion of the features while pruning. Standard Bayesian Pruning
  • 31. Vulnerability of input-layer features Adversarial training reduces the distortion level of all features. However, adversarial training does not zero out the vulnerable latent-features. Standard Bayesian Pruning Adversarial Training
  • 32. Vulnerability of input-layer features ANP-VS leads to reduction in latent-features distortion which results in robustness. ANP-VS has the largest number of features with zero distortion, and low distortion level in general. Standard Bayesian Pruning Adversarial Training Ours
  • 33. Latent-features visualization Our proposed method leads to significant reduction in the vulnerability of latent-features. Original Standard AT Ours (0.226) (0.126) (0.083) (0.059)(0.104)(0.170) Visualization of the vulnerability of the latent-features with respect to the input pixels for various datasets.
  • 34. Loss surface visualization Also, our proposed method achieves smoother loss surface. It indicates the absence of gradient obfuscation, demonstrating the effectiveness of our method. Standard Bayesian Pruning Adversarial Training Ours
  • 35. Conclusion • We tackle the fundamental cause of vulnerability of deep networks by investigating the distortion of latent-features. Codes available at https://github.com/divyam3897/ANP_VS • Adversarial Neural Pruning with Vulnerability Suppression loss (ANP-VS) prunes the vulnerable features and minimizes the feature vulnerability in order to improve adversarial robustness. • Results show that our models minimizes the feature vulnerability, improves robustness with negligible memory and computational requirements. • We believe that our paper can be an essential part toward building memory-efficient robust models.