International Business Machines Corporation
ROBUSTNESS-AWARE QUANTIZATION FOR NEURAL NETWORKS AGAINST WEIGHT PERTURBATIONS

Abstract:

A method of utilizing a computing device to optimize weights within a neural network to avoid adversarial attacks includes receiving, by a computing device, a neural network for optimization. The method further includes determining, by the computing device, on a region by region basis one or more robustness bounds for weights within the neural network. The robustness bounds indicating values beyond which the neural network generates an erroneous output upon performing an adversarial attack on the neural network. The computing device further averages all robustness bounds on the region by region basis. The computing device additionally optimizes weights for adversarial proofing the neural network based at least in part on the averaged robustness bounds.