Home > Research > Publications & Outputs > GradMDM

Research

Associated organisational unit

Electronic data

  • Layer_wise_Attack

    Rights statement: ©2023 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

    Accepted author manuscript, 861 KB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License

Links

Text available via DOI:

View graph of relations

GradMDM: Adversarial Attack on Dynamic Networks

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Published
  • Jianhong Pan
  • Lin Geng Foo
  • Qichen Zheng
  • Zhipeng Fan
  • Hossein Rahmani
  • Qiuhong Ke
  • Jun Liu
Close
More...
<mark>Journal publication date</mark>1/09/2023
<mark>Journal</mark>IEEE Transactions on Pattern Analysis and Machine Intelligence
Issue number9
Volume45
Number of pages8
Pages (from-to)11374-11381
Publication StatusPublished
Early online date31/03/23
<mark>Original language</mark>English

Abstract

Dynamic neural networks can greatly reduce computation redundancy without compromising accuracy by adapting their structures based on the input.
In this paper, we explore the robustness of dynamic neural networks against \textit{energy-oriented attacks} targeted at reducing their efficiency.
Specifically, we attack dynamic models with our novel algorithm GradMDM.
GradMDM is a technique that adjusts the direction and the magnitude of the gradients to effectively find a small perturbation for each input, that will activate more computational units of dynamic models during inference. We evaluate GradMDM on multiple datasets and dynamic models, where it outperforms previous energy-oriented attack techniques, significantly increasing computation complexity while reducing the perceptibility of the perturbations.

Bibliographic note

©2023 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.