A Robust Heterogeneous Offloading Setup Using Adversarial Training

Deep Neural Networks (DNNs) are very resource-demanding at inference time. Hence, one needs to be able to offload the model execution on the cloud as a solution. The problem is that we should use the same model on both resource-constrained devices and cloud sides. On the other hand, adversarial robustness is one of the main issues in many real-world applications, such as autonomous driving, where one desires model stability under imperceptible but adversarial input perturbations. However, adversarial training (AT) requires access to the actual model architecture and weights during the training. In our setup, two different deep models (suitable for each side) are broken into several blocks. Then, we select a combination of blocks to perform the computation according to the constraints in the inference time, and each block is executed on its respective side. Moreover, we propose a novel modified AT method that can virtually train all the mentioned blocks collectively. Rigorous evaluations of our method on CIFAR-10 and CIFAR-100 show that the proposed AT is effective in making the models robust under various offloading scenarios. Furthermore, we show that the more blocks of the large network are present in the selected model, the higher the final accuracy. To the best of our knowledge, our method is the first one, in which a heterogeneous offloading scheme under adversarial robustness is investigated.