DOI: 10.1145/3583781.3590299
short-paper

Enhancing the Security of Collaborative Deep Neural Networks: An Examination of the Effect of Low Pass Filters

Published: 05 June 2023

Abstract

To ensure that accuracy and latency are not compromised while deploying Deep Neural Networks (DNNs) on edge devices, trained DNN models can be partitioned across many collaborating edge devices for inference. However, this collaborative inference paradigm raises new security risks because one of the collaborating edge devices could be malicious or compromised, leading to compromised accuracy and reliability of inference results. To address this challenge, this paper explores the use of low-pass filters to enhance the robustness of Collaborative DNNs. The study deploys a VGG16 network, trained on the German Traffic Sign Recognition Benchmarks (GTSRB) dataset, and a MobileNet network trained on the ImageNet dataset, using two prevalent collaborative inference methodologies. The output feature maps (FMs) of a vulnerable edge device are perturbed using four advanced adversarial noises, namely Speckle, Salt-and-Pepper, Gaussian noise, and the Fast Gradient Signed Method (FGSM). Experimental results demonstrate that implementing low-pass filtering can significantly enhance the robustness of Collaborative DNNs. On average, the top-1 classification accuracy is improved by 2.1x, making the DNNs more robust to adversarial attacks.
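The defensive step described in the abstract, sketched as an added example that is not code from the paper: a receiving device low-pass filters a feature map before passing it to the next partition. The 3x3 mean filter, the synthetic feature map and the noise strengths are assumptions (the abstract does not name the filter or its parameters); FGSM is left out because it needs a model gradient.

```python
import math
import random

def make_feature_map(n=32):
    # Constructed stand-in for one channel of a smooth, non-negative feature map.
    c = (n - 1) / 2
    return [[math.exp(-((r - c) ** 2 + (q - c) ** 2) / (2 * (n / 5) ** 2))
             for q in range(n)] for r in range(n)]

def perturb(fm, kind, rng):
    # Noise models named in the abstract; the strengths are assumptions.
    out = [row[:] for row in fm]
    for r, row in enumerate(fm):
        for q, v in enumerate(row):
            if kind == "gaussian":
                out[r][q] = v + rng.gauss(0, 0.2)
            elif kind == "speckle":          # multiplicative noise
                out[r][q] = v + v * rng.gauss(0, 0.5)
            elif kind == "salt_pepper" and rng.random() < 0.1:
                out[r][q] = rng.choice((0.0, 1.0))
    return out

def mean_filter(fm, k=3):
    # k x k box (mean) low-pass filter; borders average over the valid window.
    n, m, h = len(fm), len(fm[0]), k // 2
    out = [[0.0] * m for _ in range(n)]
    for r in range(n):
        for q in range(m):
            win = [fm[i][j]
                   for i in range(max(0, r - h), min(n, r + h + 1))
                   for j in range(max(0, q - h), min(m, q + h + 1))]
            out[r][q] = sum(win) / len(win)
    return out

def mse(a, b):
    return sum((x - y) ** 2 for ra, rb in zip(a, b) for x, y in zip(ra, rb)) / (len(a) * len(a[0]))

def evaluate(seed=0):
    # Returns {noise: (MSE before filtering, MSE after filtering)}.
    rng, clean = random.Random(seed), make_feature_map()
    result = {}
    for kind in ("gaussian", "speckle", "salt_pepper"):
        noisy = perturb(clean, kind, rng)
        result[kind] = (mse(noisy, clean), mse(mean_filter(noisy), clean))
    return result

if __name__ == "__main__":
    for kind, (before, after) in evaluate().items():
        print(f"{kind:12s} MSE before={before:.4f} after={after:.4f}")
```

The error here is measured against the clean feature map, not classification accuracy, so it shows only why smoothing suppresses these perturbations; the filter also blurs legitimate high-frequency activations, which is the trade-off to check on a real model.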


Cited By

  • (2024) Securing Pseudo-Model Parallelism-Based Collaborative DNN Inference for Edge Devices, IEEE Access, 10.1109/ACCESS.2024.3477293, 12 (159952-159965). Online publication date: 2024

    Published In

    GLSVLSI '23: Proceedings of the Great Lakes Symposium on VLSI 2023
    June 2023
    731 pages
    ISBN: 9798400701252
    DOI: 10.1145/3583781
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. adversarial attacks
    2. collaborative inference
    3. convolution neural networks (cnn)
    4. edge intelligence
    5. low pass filters

    Qualifiers

    • Short-paper

    Funding Sources

    • Tennessee Tech University's Center for Manufacturing Research
    • National Science Foundation

    Conference

    GLSVLSI '23
    GLSVLSI '23: Great Lakes Symposium on VLSI 2023
    June 5 - 7, 2023
    TN, Knoxville, USA

    Acceptance Rates

    Overall Acceptance Rate 312 of 1,156 submissions, 27%

    Article Metrics

    • Downloads (Last 12 months): 29
    • Downloads (Last 6 weeks): 5
    Reflects downloads up to 26 Nov 2024
