Deep neural network topology optimization against neural attacks

Abstract

Recent studies show that the security and reliability of DNNs have become one of the most important challenges for these systems. Even state-of-the-art DNNs are significantly vulnerable to adversarial attacks. These attacks involve small, carefully crafted perturbations in the input data that are imperceptible to the human eye, yet can manipulate the network and significantly degrade its performance. On the other hand, the topology of neural networks-the arrangement and connectivity of neurons-plays a critical role in their robustness against such attacks. Optimizing DNN topology can significantly enhance robustness against adversarial attacks without relying solely on computationally expensive methods like adversarial training. Topology optimization techniques, such as pruning, neural architecture search (NAS), evolutionary algorithms, quantization, and complex network theories, have emerged as powerful methods for improving both the efficiency and robustness of ANNs. These techniques modify the structure of the network to not only improve performance but also enhance its resilience against adversarial attacks and reduce computational costs. To the best of our knowledge, this paper is the first comprehensive review that explores these optimization techniques together, offering an entirely new perspective on their potential for improving the security of DNNs in adversarial environments. However, balancing performance, robustness, and efficiency remains a critical consideration in DNN topology optimization. Techniques like progressive pruning, mixed-precision quantization, and robustness-aware NAS offer potential solutions to address the existing limitations. Additionally, explainability and interpretability are crucial aspects of robust optimization, demanding further research to ensure transparency and accountability in DNN decision-making. Shifting focus from solely weight-based defense mechanisms to topology optimization presents a paradigm shift in DNN security research. Therefore, this work aims to guide future research toward more robust and efficient neural networks.