Integer-Arithmetic-Only Certified Robustness for Quantized Neural Networks

Haowen Lin, Jian Lou, Li Xiong, Cyrus Shahabi; Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV), 2021, pp. 7828-7837

Abstract


Adversarial data examples have drawn significant attention from the machine learning and security communities. A line of work on tackling adversarial examples is certified robustness via randomized smoothing that can provide a theoretical robustness guarantee. However, such a mechanism usually uses floating-point arithmetic for calculations in inference and requires large memory footprints and daunting computational costs. These defensive models cannot run efficiently on edge devices nor be deployed on integer-only logical units such as Turing Tensor Cores or integer-only ARM processors. To overcome these challenges, we propose an integer randomized smoothing approach with quantization to convert any classifier into a new smoothed classifier, which uses integer-only arithmetic for certified robustness against adversarial perturbations. We prove a tight robustness guarantee under L2-norm for the proposed approach. We show our approach can obtain a comparable accuracy and 4x 5x speedup over floating-point arithmetic certified robust methods on general-purpose CPUs and mobile devices on two distinct datasets (CIFAR-10 and Caltech-101).

Related Material


[pdf] [supp] [arXiv]
[bibtex]
@InProceedings{Lin_2021_ICCV, author = {Lin, Haowen and Lou, Jian and Xiong, Li and Shahabi, Cyrus}, title = {Integer-Arithmetic-Only Certified Robustness for Quantized Neural Networks}, booktitle = {Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV)}, month = {October}, year = {2021}, pages = {7828-7837} }