Doctor of Philosophy (PhD)
Fourth Advisor: Jean H. Andrian
Machine vision; Deep learning; Image compression; Adversarial attack
Deep Neural Networks (DNNs) have achieved extraordinary performance across many exciting real-world applications, including image classification, speech recognition, natural language processing, medical diagnosis, self-driving cars, drones, anomaly detection, and voice-command recognition. However, deploying DNN techniques in real life exposes two critical issues:
First, the ever-increasing amount of data generated by mobile devices, sensors, and the Internet of Things (IoT) challenges the performance of DNN systems. Efficient solutions are lacking to reduce power-hungry data offloading and storage on terminal devices such as edge sensors, especially in the face of stringent constraints on communication bandwidth, energy, and hardware resources.
Second, DNN models are inherently vulnerable to adversarial examples (AEs), i.e., malicious inputs crafted by adding small, human-imperceptible perturbations to normal inputs that strongly fool the cognitive function of DNNs. Although image compression techniques have been explored to mitigate adversarial examples, existing solutions are unable to offer a good balance between removing adversarial perturbations from malicious inputs and preserving classification accuracy on benign samples.
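To make the threat concrete, the sketch below shows the classic Fast Gradient Sign Method (FGSM) of Goodfellow et al., one standard way such perturbations are crafted. It is an illustrative example, not the specific attack model studied in this dissertation; the epsilon budget of 8/255 is an assumed value, and `model`, `x`, and `label` are hypothetical placeholders.

```python
# Illustrative FGSM sketch (PyTorch): nudge each pixel by +/- eps in the
# direction that increases the loss, so the image looks unchanged to a
# human but can flip the DNN's prediction.
import torch
import torch.nn.functional as F

def fgsm_attack(model, x, label, eps=8 / 255):
    """Return an adversarial version of image batch x (pixels in [0, 1])."""
    x_adv = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x_adv), label)
    loss.backward()
    # Take one signed-gradient step, then clip back to the valid pixel range.
    x_adv = x_adv + eps * x_adv.grad.sign()
    return x_adv.clamp(0.0, 1.0).detach()
```

Because the perturbation is small and concentrated in perceptually insignificant detail, input pre-processing defenses try to discard it before classification, which is where compression-based defenses come in.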
This dissertation makes solid strides toward developing low-latency and robust deep learning systems by, for the first time, leveraging a deep understanding of the difference in image perception between human vision and deep learning systems (termed "machine vision" in this dissertation). In the first part, we develop three types of "machine vision"-guided image compression frameworks dedicated to accelerating both cloud-based deep learning image classification and 3D medical image segmentation with almost zero accuracy drop, by embracing the deeply cascaded information-processing mechanism of DNN architectures. To the best of our knowledge, this is the first effort to systematically re-architect existing data compression techniques, which are centered around human vision, to be machine-vision favorable, thereby achieving significant service speed-up. In the second part, we propose a JPEG-based defensive compression framework, namely "feature distillation," to effectively rectify adversarial examples without impacting classification accuracy on benign images. Experimental results show that the very low-cost "feature distillation" delivers the best defense efficiency with negligible accuracy reduction among existing input-preprocessing-based defense techniques, serving as a new baseline and reference design for the development of future defense methods. A minimal sketch of the JPEG-quantization core shared by both parts follows.
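The common thread is re-tuning JPEG's 8x8 DCT quantization for the machine rather than the human eye. The sketch below is a minimal illustration under assumed band-importance weights: the `machine_vision_qtable` heuristic is hypothetical, not the dissertation's actual table, which is derived from DNN feature statistics. Coarser quantization at higher spatial frequencies both shrinks the bitstream and discards the high-frequency content where adversarial noise tends to live.

```python
# Minimal JPEG-style pipeline with a hypothetical "machine vision" 8x8
# quantization table: quantization steps grow with spatial frequency.
import numpy as np
from scipy.fftpack import dct, idct

def dct2(block):
    # 2-D type-II DCT with orthonormal scaling, as in JPEG.
    return dct(dct(block, axis=0, norm="ortho"), axis=1, norm="ortho")

def idct2(block):
    return idct(idct(block, axis=0, norm="ortho"), axis=1, norm="ortho")

def machine_vision_qtable(base=16.0, growth=6.0):
    # Assumed heuristic: step size grows with the frequency band u + v.
    u, v = np.meshgrid(np.arange(8), np.arange(8), indexing="ij")
    return base + growth * (u + v)

def compress_block(block, qtable):
    # round() is where bits (and, ideally, adversarial noise) are discarded.
    coeffs = dct2(block.astype(np.float64) - 128.0)
    quantized = np.round(coeffs / qtable)
    return np.clip(idct2(quantized * qtable) + 128.0, 0.0, 255.0)

def compress_image(img, qtable=None):
    # img: 2-D uint8 grayscale array; edge pixels not filling a full 8x8
    # block pass through unchanged.
    qtable = machine_vision_qtable() if qtable is None else qtable
    out = img.astype(np.float64).copy()
    h, w = img.shape
    for i in range(0, h - 7, 8):
        for j in range(0, w - 7, 8):
            out[i:i + 8, j:j + 8] = compress_block(img[i:i + 8, j:j + 8], qtable)
    return out.astype(np.uint8)
```

A real codec would entropy-code the quantized coefficients rather than reconstruct immediately; the reconstruction here simply makes the information loss visible to the classifier under test.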
Previously Published In
Z. Liu et al., "DeepN-JPEG: A Deep Neural Network Favorable JPEG-Based Image Compression Framework," in Proceedings of the 55th Annual Design Automation Conference (DAC), 2018.
Z. Liu et al., "Feature Distillation: DNN-Oriented JPEG Compression Against Adversarial Examples," 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Long Beach, CA, USA, 2019, pp. 860-868.
Z. Liu, X. Xu, T. Liu, Q. Liu, Y. Wang, Y. Shi, W. Wen, M. Huang, H. Yuan, and J. Zhuang, "Machine Vision Guided 3D Medical Image Compression for Efficient Transmission and Accurate Segmentation in the Clouds," 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2019, pp. 12687-12696.
Liu, Zihao, "Machine Vision, Not Human Vision, Guided Compression Towards Low-Latency and Robust Deep Learning Systems" (2020). FIU Electronic Theses and Dissertations. 4385.
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).