Achieving adversarial robustness via sparsity

Network pruning has been known to produce compact models without much accuracy degradation. However, how the pruning process affects a network's robustness and the working mechanism behind remain unresolved. In this work, we theoretically prove that the sparsity of network weights is closely associated with model robustness. Through experiments on a variety of adversarial pruning methods, image-classification models and datasets, we find that weights sparsity will not hurt but improve robustness, where both weights inheritance from the lottery ticket and adversarial training improve model robustness in network pruning. Based on these findings, we propose a novel adversarial training method called inverse weights inheritance, which imposes sparse weights distribution on a large network by inheriting weights from a small network, thereby improving the robustness of the large network.

Automated summary

This study demonstrates the correlation between the sparsity of network weights and model robustness, showing that sparsity improves robustness. The proposed inverse weights inheritance method enhances the robustness of large networks by inheriting weights from smaller networks and imposing sparse weights distribution.