Towards Certificated Model Robustness Against Weight Perturbations

Author(s)

Weng, Tsui-Wei; Zhao, Pu; Liu, Sijia; Chen, Pin-Yu; Lin, Xue; Daniel, Luca; ... Show more Show less

Abstract

<jats:p>This work studies the sensitivity of neural networks to weight perturbations, firstly corresponding to a newly developed threat model that perturbs the neural network parameters. We propose an efficient approach to compute a certified robustness bound of weight perturbations, within which neural networks will not make erroneous outputs as desired by the adversary. In addition, we identify a useful connection between our developed certification method and the problem of weight quantization, a popular model compression technique in deep neural networks (DNNs) and a ‘must-try’ step in the design of DNN inference engines on resource constrained computing platforms, such as mobiles, FPGA, and ASIC. Specifically, we study the problem of weight quantization – weight perturbations in the non-adversarial setting – through the lens of certificated robustness, and we demonstrate significant improvements on the generalization ability of quantized networks through our robustness-aware quantization scheme.</jats:p>

Date issued

2020

URI

https://hdl.handle.net/1721.1/143107

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Massachusetts Institute of Technology. Research Laboratory of Electronics
MIT-IBM Watson AI Lab

Journal

Proceedings of the AAAI Conference on Artificial Intelligence

Publisher

Association for the Advancement of Artificial Intelligence (AAAI)

Citation

Weng, Tsui-Wei, Zhao, Pu, Liu, Sijia, Chen, Pin-Yu, Lin, Xue et al. 2020. "Towards Certificated Model Robustness Against Weight Perturbations." Proceedings of the AAAI Conference on Artificial Intelligence, 34 (04).

Version: Final published version