Close

Presentation

Garrison: A High-Performance GPU-Accelerated Inference System for Adversarial Ensemble Defense
SessionOptimizing Both Directions: Better AI Algorithm for Systems and Better Systems for AI
DescriptionAdversarial ensemble defense is one of the most effective techniques for defending against adversarial attacks, which constructs ensembles of multiple DNNs to improve the model's robustness. However, deploying ensemble defense methods on existing DNN inference systems is inefficient and impractical due to their dynamics and randomness. To this end, we propose an inference system for adversarial ensemble defense called Garrison, which can deliver robust and low-latency predictions using Multi-Instance GPUs. Our evaluations show that Garrison can improve adversarial robustness by up to 24.5% while accelerating ensemble inference by up to 6.6x compared to the state-of-the-art inference framework.
Authors
Yan Wang
Institute of Information Engineering, Chinese Academy of Sciences
Xingbin Wang
Institute of Information Engineering, Chinese Academy of Sciences
Zechao Lin
Institute of Information Engineering, Chinese Academy of Sciences
Yulan Su
Institute of Information Engineering, Chinese Academy of Sciences
Sisi Zhang
Institute of Information Engineering, Chinese Academy of Sciences
Rui Hou
Institute of Information Engineering, Chinese Academy of Sciences
Dan Meng
Institute of Information Engineering, Chinese Academy of Sciences
Event Type
Research Manuscript
TimeWednesday, June 2610:45am - 11:00am PDT
Location3008, 3rd Floor
Topics
AI
Design
Keywords
AI/ML System and Platform Design
Next PresentationNext Presentation
AdaptiveFL: Adaptive Heterogeneous Federated Learning for Resource-Constrained AIoT Systems