The increasing size of Deep Neural Networks (DNNs) creates a pressing need for model compression, particularly when they are deployed on resource-constrained devices. Concurrently, the susceptibility of DNNs to adversarial attacks presents another significant hurdle. Despite substantial research on both model compression and adversarial robustness, their joint examination remains underexplored. Our study bridges this gap, seeking to understand the effect of adversarial inputs crafted for base models on their pruned versions. To examine this relationship, we have developed a comprehensive benchmark across diverse adversarial attacks and popular DNN models. We uniquely focus on models not previously exposed to adversarial training and apply pruning schemes optimized for accuracy and performance. Our findings reveal that while the benefits of pruning (enhanced generalizability, compression, and faster inference times) are preserved, adversarial robustness remains comparable to that of the base model. This suggests that model compression, while offering its unique advantages, does not undermine adversarial robustness.
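The evaluation protocol the abstract describes (craft adversarial inputs against the base model only, then score both the base and its pruned version on them) can be sketched as follows. This is an added example, not code or results from the study: a logistic-regression classifier on constructed data stands in for a DNN, FGSM and magnitude pruning are chosen here for illustration, and all function names are hypothetical.

```python
import math
import random

def make_data(n, dim, rng):
    # Constructed data: only the first three features carry the label.
    xs = [[rng.uniform(-1, 1) for _ in range(dim)] for _ in range(n)]
    return [(x, 1 if x[0] + 0.8 * x[1] - 0.6 * x[2] > 0 else -1) for x in xs]

def margin(w, x, y):
    return y * sum(wi * xi for wi, xi in zip(w, x))

def train(data, dim, epochs=200, lr=0.5):
    # Logistic regression by full-batch gradient descent (no adversarial training).
    w = [0.0] * dim
    for _ in range(epochs):
        grad = [0.0] * dim
        for x, y in data:
            s = -y / (1.0 + math.exp(margin(w, x, y)))  # d(loss)/d(w.x)
            for i in range(dim):
                grad[i] += s * x[i]
        w = [wi - lr * g / len(data) for wi, g in zip(w, grad)]
    return w

def magnitude_prune(w, sparsity):
    # Zero the smallest-magnitude fraction of the weights.
    k = int(len(w) * sparsity)
    drop = set(sorted(range(len(w)), key=lambda i: abs(w[i]))[:k])
    return [0.0 if i in drop else wi for i, wi in enumerate(w)]

def fgsm(w, x, y, eps):
    # FGSM step: the input gradient of the logistic loss has sign -y * sign(w).
    sign = lambda v: (v > 0) - (v < 0)
    return [xi - eps * y * sign(wi) for xi, wi in zip(x, w)]

def accuracy(w, data):
    return sum(margin(w, x, y) > 0 for x, y in data) / len(data)

def transfer_benchmark(eps=0.1, sparsity=0.5, seed=0, dim=10):
    rng = random.Random(seed)
    train_set, test_set = make_data(400, dim, rng), make_data(200, dim, rng)
    base = train(train_set, dim)
    pruned = magnitude_prune(base, sparsity)  # pruned copy, no fine-tuning
    adv_set = [(fgsm(base, x, y, eps), y) for x, y in test_set]  # crafted on base only
    sets = {"clean": test_set, "adv": adv_set}
    return {f"{m}_{s}": accuracy(w, d)
            for m, w in (("base", base), ("pruned", pruned)) for s, d in sets.items()}

if __name__ == "__main__":
    print(transfer_benchmark())
```

Comparing `base_adv` with `pruned_adv` at several `eps` and `sparsity` settings gives the robustness comparison for this toy model; it says nothing about the DNN results reported in the study.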