EdgeLeakage: Membership Information Leakage in Distributed Edge Intelligence Systems

TL;DR

This work investigates data privacy in distributed edge intelligence by examining membership information leakage under an autonomous swarm-learning paradigm. It formulates an internal attacker model and deploys three membership inference attacks—NN-based, metric-based, and differential using Maximum Mean Discrepancy in RKHS—to reveal leakage across 2–4 client configurations. Extensive experiments on CIFAR-10, CIFAR-100, and News demonstrate that MIA can achieve high accuracy, with one-to-one attacks exceeding 80% in some cases, while differential and metric-based approaches reveal varying susceptibility under IID and non-IID conditions. Defense strategies, notably Dropout, can mitigate leakage to a degree, though some defenses show limited effectiveness, indicating that robust privacy-preserving designs are needed for edge intelligence deployments. Overall, the paper highlights tangible privacy risks in decentralized edge learning and provides practical defense insights to bolster data privacy in edge intelligence systems.

Abstract

In contemporary edge computing systems, decentralized edge nodes aggregate unprocessed data and facilitate data analytics to uphold low transmission latency and real-time data processing capabilities. Recently, these edge nodes have evolved to facilitate the implementation of distributed machine learning models, utilizing their computational resources to enable intelligent decision-making, thereby giving rise to an emerging domain referred to as edge intelligence. However, within the realm of edge intelligence, susceptibility to numerous security and privacy threats against machine learning models becomes evident. This paper addresses the issue of membership inference leakage in distributed edge intelligence systems. Specifically, our focus is on an autonomous scenario wherein edge nodes collaboratively generate a global model. The utilization of membership inference attacks serves to elucidate the potential data leakage in this particular context. Furthermore, we delve into the examination of several defense mechanisms aimed at mitigating the aforementioned data leakage problem. Experimental results affirm that our approach is effective in detecting data leakage within edge intelligence systems, and the implementation of our defense methods proves instrumental in alleviating this security threat. Consequently, our findings contribute to safeguarding data privacy in the context of edge intelligence systems.

Figures (15)

• Figure 1: Distributed Edge Intelligence Systems.
• Figure 2: Our Attack Architecture.
• Figure 3: Improved Shadow Model Attack Architecture.
• Figure 4: The attack results of One-to-One attack.
• Figure 5: The attack results of One-to-One attack on the CIFAR-10 dataset, where $N \rightarrow$ 1 means that client $N$ attacks client 1.