Out-of-Distribution Robustness in Deep Learning Compression

In recent years, deep neural network (DNN) compression systems have proved to be highly effective for designing source codes for many natural sources. However, like many other machine learning systems, these compressors are vulnerable to distribution shifts and to out-of-distribution (OOD) data, which limits their real-world applicability. In this paper, we initiate the study of OOD-robust compression. Considering robustness to two types of ambiguity sets (Wasserstein balls and group shifts), we propose algorithmic and architectural frameworks built on two principled methods: one that trains DNN compressors using distributionally robust optimization (DRO), and another that uses a structured latent code. Our results demonstrate that both methods enforce robustness compared to a standard DNN compressor, and that using a structured code can be superior to the DRO compressor. We observe tradeoffs between robustness and distortion and corroborate these findings theoretically for a specific class of sources.
