Impact of Architectural Modifications on Deep Learning Adversarial Robustness
Firuz Juraev, Mohammed Abuhamad, Simon S. Woo, George K Thiruvathukal, Tamer Abuhmed
TL;DR
The paper investigates how architectural modifications influence deep learning robustness to adversarial perturbations in computer vision. It evaluates variations of VGG, Inception, and MobileNet architectures on ImageNet against white-box attacks FGSM, PGD, and C&W, reporting attack success rate, attack time, and noise via $1 - \text{SSIM}$. Key findings show that batch normalization can improve accuracy but may reduce robustness for VGG; newer Inception variants (V4, ResNet V2) exhibit greater adversarial resilience, and MobileNet V3, especially the small variant with squeeze-and-excitation and hard-swish, also demonstrates enhanced robustness. The results underscore the need for comprehensive robustness assessments when deploying updated architectures in safety- and security-critical settings.
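The three reported metrics, as an added example that is not from the paper: one FGSM step against a constructed linear classifier over 4x4 images, returning attack success rate, mean $1 - \text{SSIM}$ noise, and attack time. The model, the samples, all function names, and the single-window SSIM (standing in for the usual windowed SSIM) are assumptions for illustration; the paper's experiments use ImageNet CNNs.

```python
import math
import time

# Constructed stand-in model (assumption): a fixed linear classifier over
# 16-pixel images in [0, 1]; class 1 means the left half is brighter.
W = [1.0 if i % 4 < 2 else -1.0 for i in range(16)]

def logit(x):
    return sum(w * v for w, v in zip(W, x))

def predict(x):
    return 1 if logit(x) > 0 else 0

def fgsm(x, y, eps):
    """One FGSM step: x + eps * sign(dLoss/dx), clipped to [0, 1]."""
    p = 1.0 / (1.0 + math.exp(-logit(x)))
    grad = [(p - y) * w for w in W]  # gradient of the logistic loss w.r.t. x
    step = [eps * ((g > 0) - (g < 0)) for g in grad]
    return [min(1.0, max(0.0, v + s)) for v, s in zip(x, step)]

def ssim_global(a, b, c1=0.01 ** 2, c2=0.03 ** 2):
    """Single-window SSIM for pixel range [0, 1] (a simplification)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    va = sum((v - ma) ** 2 for v in a) / n
    vb = sum((v - mb) ** 2 for v in b) / n
    cov = sum((u - ma) * (v - mb) for u, v in zip(a, b)) / n
    num = (2 * ma * mb + c1) * (2 * cov + c2)
    return num / ((ma ** 2 + mb ** 2 + c1) * (va + vb + c2))

def evaluate(samples, eps):
    """Return (attack success rate, mean 1 - SSIM, attack seconds)."""
    clean = [(x, y) for x, y in samples if predict(x) == y]  # skip clean errors
    start = time.perf_counter()
    advs = [fgsm(x, y, eps) for x, y in clean]
    elapsed = time.perf_counter() - start
    fooled = sum(predict(a) != y for a, (_, y) in zip(advs, clean))
    noise = sum(1 - ssim_global(x, a) for a, (x, _) in zip(advs, clean)) / len(clean)
    return fooled / len(clean), noise, elapsed

def make(left, right):
    """Build a constructed 4x4 image with uniform left and right halves."""
    return [left if i % 4 < 2 else right for i in range(16)]

# Constructed samples: two near the decision boundary, two far from it.
SAMPLES = [(make(0.6, 0.4), 1), (make(0.9, 0.1), 1),
           (make(0.45, 0.55), 0), (make(0.2, 0.8), 0)]

if __name__ == "__main__":
    for eps in (0.0, 0.15, 0.45):
        print(eps, evaluate(SAMPLES, eps))
```

Success rate is counted only over samples the model classifies correctly before the attack, so clean errors do not inflate it.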
Abstract
Rapid advancements of deep learning are accelerating adoption in a wide variety of applications, including safety-critical applications such as self-driving vehicles, drones, robots, and surveillance systems. These advancements include applying variations of sophisticated techniques that improve the performance of models. However, such models are not immune to adversarial manipulations, which can cause the system to misbehave and remain unnoticed by experts. The frequency of modifications to existing deep learning models necessitates thorough analysis to determine the impact on models' robustness. In this work, we present an experimental evaluation of the effects of model modifications on deep learning model robustness using adversarial attacks. Our methodology involves examining the robustness of variations of models against various adversarial attacks. By conducting our experiments, we aim to shed light on the critical issue of maintaining the reliability and safety of deep learning models in safety- and security-critical applications. Our results indicate the pressing demand for an in-depth assessment of the effects of model changes on the robustness of models.
