Abstract

Deep Neural Networks (DNNs) have achieved extraordinary performance across many exciting real-world applications, including image classification, speech recognition, natural language processing, medical diagnosis, self-driving cars, drones, anomaly detection and recognition of voice commands. However, the de facto DNN technique as deployed in real life is exposed to two critical issues. First, the ever-increasing amounts of data generated from mobile devices, sensors, and the Internet of Things (IoT) challenge the performance of the DNN system. There is a lack of efficient solutions to reduce the power-hungry data offloading and storage on terminal devices like edge sensors, especially in the face of stringent constraints on communication bandwidth, energy, and hardware resources. Second, DNN models are inherently vulnerable to adversarial examples (AEs), i.e., malicious inputs crafted by adding small, human-imperceptible perturbations to normal inputs, which strongly fool the cognitive function of DNNs. Although image compression techniques have been explored to mitigate adversarial examples, existing solutions are unable to offer a good balance between the efficiency of removing adversarial perturbations from malicious inputs and classification accuracy on benign samples. This dissertation makes solid strides towards developing low-latency and robust deep learning systems by, for the first time, leveraging a deep understanding of the difference in image perception between human vision and deep learning systems (a.k.a. "machine vision" in this dissertation). In the first part, we propose to develop three types of "machine vision" guided image compression frameworks, dedicated to accelerating both cloud-based deep learning image classification and 3D medical image segmentation with almost zero accuracy drop, by embracing the deep cascaded information processing mechanism of the DNN architecture.
To the best of our knowledge, this is the first effort to systematically re-architect existing data compression techniques that are centered around human vision to be machine vision favorable, thereby achieving significant service speed-up. In the second part, we propose a JPEG-based defensive compression framework, namely "feature-distillation", to effectively rectify adversarial examples without impacting classification accuracy on benign images. Experimental results show that the very low-cost "feature-distillation" can deliver the best defense efficiency with negligible accuracy reduction among existing input pre-processing based defense techniques, serving as a new baseline and reference design for the development of future defense methods.
