TY - JOUR
T1 - Deep neural network topology optimization against neural attacks
AU - Shamshiri, Samaneh
AU - Sohn, Insoo
N1 - Publisher Copyright: © 2025 Elsevier Ltd
PY - 2025/10/1
Y1 - 2025/10/1
N2 - Recent studies show that the security and reliability of DNNs have become one of the most important challenges for these systems. Even state-of-the-art DNNs are significantly vulnerable to adversarial attacks. These attacks involve small, carefully crafted perturbations in the input data that are imperceptible to the human eye, yet can manipulate the network and significantly degrade its performance. On the other hand, the topology of neural networks—the arrangement and connectivity of neurons—plays a critical role in their robustness against such attacks. Optimizing DNN topology can significantly enhance robustness against adversarial attacks without relying solely on computationally expensive methods like adversarial training. Topology optimization techniques, such as pruning, neural architecture search (NAS), evolutionary algorithms, quantization, and complex network theories, have emerged as powerful methods for improving both the efficiency and robustness of ANNs. These techniques modify the structure of the network to not only improve performance but also enhance its resilience against adversarial attacks and reduce computational costs. To the best of our knowledge, this paper is the first comprehensive review that explores these optimization techniques together, offering an entirely new perspective on their potential for improving the security of DNNs in adversarial environments. However, balancing performance, robustness, and efficiency remains a critical consideration in DNN topology optimization. Techniques like progressive pruning, mixed-precision quantization, and robustness-aware NAS offer potential solutions to address the existing limitations. Additionally, explainability and interpretability are crucial aspects of robust optimization, demanding further research to ensure transparency and accountability in DNN decision-making. Shifting focus from solely weight-based defense mechanisms to topology optimization presents a paradigm shift in DNN security research. Therefore, this work aims to guide future research toward more robust and efficient neural networks.
KW - Adversarial attacks
KW - Complex networks
KW - Evolutionary algorithms
KW - Neural architecture search
KW - Pruning
KW - Quantization
UR - https://www.scopus.com/pages/publications/105007970004
U2 - 10.1016/j.eswa.2025.128474
DO - 10.1016/j.eswa.2025.128474
M3 - Review article
AN - SCOPUS:105007970004
SN - 0957-4174
VL - 291
JO - Expert Systems with Applications
JF - Expert Systems with Applications
M1 - 128474
ER -