TY - GEN
T1 - Energy-Latency Attacks to On-Device Neural Networks via Sponge Poisoning
AU - Wang, Zijian
AU - Huang, Shuo
AU - Huang, Yujin
AU - Cui, Helei
N1 - Publisher Copyright:
© 2023 ACM.
PY - 2023/7/10
Y1 - 2023/7/10
N2 - In recent years, on-device deep learning has gained attention as a means of developing affordable deep learning applications for mobile devices. However, on-device models are constrained by limited energy and computation resources. In the mean time, a poisoning attack known as sponge poisoning has been developed.This attack involves feeding the model with poisoned examples to increase the energy consumption during inference. As previous work is focusing on server hardware accelerators, in this work, we extend the sponge poisoning attack to an on-device scenario to evaluate the vulnerability of mobile device processors. We present an on-device sponge poisoning attack pipeline to simulate the streaming and consistent inference scenario to bridge the knowledge gap in the on-device setting. Our exclusive experimental analysis with processors and on-device networks shows that sponge poisoning attacks can effectively pollute the modern processor with its built-in accelerator. We analyze the impact of different factors in the sponge poisoning algorithm and highlight the need for improved defense mechanisms to prevent such attacks on on-device deep learning applications.
AB - In recent years, on-device deep learning has gained attention as a means of developing affordable deep learning applications for mobile devices. However, on-device models are constrained by limited energy and computation resources. In the mean time, a poisoning attack known as sponge poisoning has been developed.This attack involves feeding the model with poisoned examples to increase the energy consumption during inference. As previous work is focusing on server hardware accelerators, in this work, we extend the sponge poisoning attack to an on-device scenario to evaluate the vulnerability of mobile device processors. We present an on-device sponge poisoning attack pipeline to simulate the streaming and consistent inference scenario to bridge the knowledge gap in the on-device setting. Our exclusive experimental analysis with processors and on-device networks shows that sponge poisoning attacks can effectively pollute the modern processor with its built-in accelerator. We analyze the impact of different factors in the sponge poisoning algorithm and highlight the need for improved defense mechanisms to prevent such attacks on on-device deep learning applications.
KW - availability attacks
KW - energy-latency attacks
KW - on-device machine learning
KW - poisoning
KW - sponge attacks
UR - http://www.scopus.com/inward/record.url?scp=85168556902&partnerID=8YFLogxK
U2 - 10.1145/3591197.3591307
DO - 10.1145/3591197.3591307
M3 - 会议稿件
AN - SCOPUS:85168556902
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the Inaugural AsiaCCS 2023 Workshop on Secure and Trustworthy Deep Learning Systems, SecTL 2023
PB - Association for Computing Machinery
T2 - 2023 Workshop on Secure and Trustworthy Deep Learning Systems, SecTL 2023 at AsiaCCS 2023
Y2 - 10 July 2023
ER -
