Deep Neural Networks (DNNs) have revolutionized a wide range of industries, from healthcare and finance to automotive, by offering unparalleled capabilities in data analysis and decision-making. Despite their transformative impact, DNNs face two critical challenges: vulnerability to adversarial attacks and the increasing computational cost of larger, more complex models. In this paper, we introduce an effective method designed to enhance adversarial robustness and execution efficiency simultaneously. Unlike prior studies that enhance robustness by injecting noise uniformly, we introduce a non-uniform noise injection algorithm, applied at each DNN layer to disrupt the adversarial perturbations introduced in attacks. By employing approximation techniques, our approach identifies and protects essential neurons while introducing noise into non-essential neurons. Our experimental results demonstrate that our method enhances both robustness and efficiency across several attack scenarios, model architectures, and datasets.
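The sketch below is an added illustration of the idea of protecting essential neurons and noising the rest in one dense layer; it is not the paper's algorithm or code. The importance estimate (1-bit weights scaled by mean |w|), the top-k selection, the Gaussian noise, and all names and parameters (`keep_ratio`, `sigma`, `make_sample`) are assumptions made for the example.

```python
import random

def dot(row, x):
    return sum(w * xi for w, xi in zip(row, x))

def approx_preact(W, x):
    """Cheap importance estimate (assumed): 1-bit weights scaled by mean |w|."""
    out = []
    for row in W:
        alpha = sum(abs(w) for w in row) / len(row)  # can be precomputed offline
        out.append(alpha * sum(xi if w >= 0 else -xi for w, xi in zip(row, x)))
    return out

def nonuniform_noise_layer(W, x, keep_ratio=0.25, sigma=0.5, rng=None):
    """Return (pre-activations, essential indices) for one dense layer."""
    rng = rng or random.Random()
    approx = approx_preact(W, x)
    k = max(1, int(len(W) * keep_ratio))
    # Rank neurons by approximate magnitude; the top k are treated as essential.
    ranked = sorted(range(len(W)), key=lambda i: abs(approx[i]), reverse=True)
    essential = set(ranked[:k])
    z = []
    for i, row in enumerate(W):
        if i in essential:
            z.append(dot(row, x))  # protected: exact value, no noise
        else:
            # Non-essential: keep the cheap approximation and add noise.
            z.append(approx[i] + rng.gauss(0.0, sigma))
    return z, essential

def make_sample(seed=0, n_out=8, n_in=16):
    """Constructed sample weights and input (not data from the paper)."""
    r = random.Random(seed)
    W = [[r.gauss(0, 1) for _ in range(n_in)] for _ in range(n_out)]
    x = [r.gauss(0, 1) for _ in range(n_in)]
    return W, x

if __name__ == "__main__":
    W, x = make_sample()
    z, ess = nonuniform_noise_layer(W, x, rng=random.Random(1))
    for i, v in enumerate(z):
        print(i, "essential" if i in ess else "noised", round(v, 3))
```

In this sketch only the `keep_ratio` fraction of neurons pays for a full dot product, and the noise drawn for the remaining neurons changes on every forward pass.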