HASI: Hardware-Accelerated Stochastic Inference, A Defense Against Adversarial Machine Learning Attacks

Samavatian, Mohammad Hossein; Majumdar, Saikat; Barber, Kristin; Teodorescu, Radu

doi:10.48550/arxiv.2106.05825

Cited by 1 publication

(1 citation statement)

References 24 publications

(35 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several techniques have been proposed to mitigate adversarial attacks [36], [43], for example, pre-processing-based defenses [33], [44], [45], [46], [47], [48], gradient masking [49], adversarial training [50], and dataset encryption [51], but these techniques are model-specific or require access to the complete model parameters [52]. Hence, these techniques cannot be applied in the more stringent (and arguably realistic) threat model for HC-based inference.…”

Section: A Related Workmentioning

confidence: 99%

StAIn: Stealthy Avenues of Attacks on Horizontally Collaborated Convolutional Neural Network Inference and Their Mitigation

et al. 2023

View full text Add to dashboard Cite

With significant potential improvement in device-to-device (D2D) communication due to improved wireless link capacity (e.g., 5G and NextG systems), a collaboration of multiple edge devices (called horizontal collaboration (HC)) is becoming a reality for real-time Edge Intelligence (EI). The distributed nature of HC offers an advantage against traditional adversarial attacks because the adversary does not have access to the entire deep learning architecture (DLA). Due to the involvement of multiple untrusted edge devices in HC environment, the possibility of malicious devices cannot be eliminated. In this paper, we unearth some attacks that are very effective and stealthy even when the attacker has minimal knowledge of the DLA as is the case in HC-based DLA. We are also providing novel filtering methods to mitigate such attacks. Our novel attacks leverage local information available on output feature maps (FMs) of a targeted edge device to modify the regular adversarial attacks (e.g. Fast Gradient Signed Method (FGSM) and Jacobian-based Saliency Map Attack (JSMA)). Similarly, a customized convolutional neural network (CNN) based filter is empirically designed, developed, and tested. Four different CNN models (LeNet, CapsuleNet, MiniVGGNet, and VGG16) are used to validate the proposed attacks and defense methodologies. Our three attacks on four different CNN models (with two variations of each attack) show a substantial accuracy drop of 62% on average. The proposed filtering approach is able to mitigate the attack by recovering the actual accuracy back to 75.1% on average. To the best of our knowledge, this is the first work that investigates the security vulnerability of DLA in the HC environment, and all three of our attacks are scalable and agnostic to the partition location within the DLA.

show abstract