Quantized neural networks (QNNs) are increasingly used for efficient deployment of deep learning models on resource-constrained platforms, such as mobile devices and edge computing systems. While quantization reduces model size and computational demands, its impact on adversarial robustness, especially against patch-based attacks, remains inadequately addressed. Patch-based attacks, characterized by localized, high-visibility perturbations, pose significant security risks due to their transferability and resilience. In this study, we systematically evaluate the vulnerability of QNNs to patch-based adversarial attacks across various quantization levels and architectures, focusing on factors that contribute to the robustness of these attacks. Through experiments analyzing feature representations, quantization strength, gradient alignment, and spatial sensitivity, we find that patch attacks consistently achieve high success rates across bitwidths and architectures, demonstrating significant transferability even in heavily quantized models. Contrary to the expectation that quantization might enhance adversarial defenses, our results show that QNNs remain highly susceptible to patch attacks due to the persistence of distinct, localized features within quantized representations. These findings underscore the need for quantization-aware defenses that address the specific challenges posed by patch-based attacks. Our work contributes to a deeper understanding of adversarial robustness in QNNs and aims to guide future research in developing secure, quantization-compatible defenses for real-world applications.