Go to ICLR 2026 Conference homepageTowards Compact and Certified Robust DNNs Against Semantic Perturbations
Keywords: Model Robustness, Model Compression
Abstract: Compactness and robustness are both critical for deploying DNN models, yet most prior work focuses on optimizing one aspect. Few efforts work on obtaining compact DNNs that maintain consistent predictions under semantic mutations, such as changes in facial expression or illumination.
To fill this gap, we propose $\textbf{C}$ompression-$\textbf{A}$ware Semantic $\textbf{R}$obustness (CAR) training scheme.
Inspired by prior studies on model loss landscapes, we design a composite training objective that guides the pruning mask optimization toward flatter loss regions. We further explicitly incorporate certification conditions on semantically mutated data and enforce consistency between the soft mask used during training and the hard binary mask deployed at inference.
The pruned models obtained via CAR consistently achieve higher robustness than the baselines, with improvements of 17\%–64\% on CelebA-HQ and Flowers-102 across ResNet-18, GoogLeNet, and MobileNet-V2, while maintaining task accuracy comparable to the corresponding no-prune models.
Primary Area: optimization
Submission Number: 4393
Loading