Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Enhancing TinyML Security: Study of Adversarial Attack Transferability

Parin Shah, Yuvaraj Govindarajulu, Pavan Kulkarni, Manojkumar Parmar

TL;DR

The paper investigates the transferability of adversarial attacks from a powerful host to TinyML devices like ESP32 and Raspberry Pi, focusing on Model Extraction and Evasion Attacks. Using MNIST and Gesture Recognition datasets, it demonstrates that surrogate models trained on host queries can replicate victim models, and that adversarial perturbations crafted on the host can effectively fool devices at deployment. Key results show high host accuracies (≈99.3% on MNIST) with compact surrogate models, and substantial evasion effectiveness (e.g., ε = 0.31 yielding ≈67.9% misclassifications on MNIST; higher ε yields more failures on gesture tasks). The findings highlight that adversarial risks persist across edge hardware, underscoring the need for integrated hardware-software defenses to safeguard AI at the edge in TinyML deployments.

Abstract

The recent strides in artificial intelligence (AI) and machine learning (ML) have propelled the rise of TinyML, a paradigm enabling AI computations at the edge without dependence on cloud connections. While TinyML offers real-time data analysis and swift responses critical for diverse applications, its devices' intrinsic resource limitations expose them to security risks. This research delves into the adversarial vulnerabilities of AI models on resource-constrained embedded hardware, with a focus on Model Extraction and Evasion Attacks. Our findings reveal that adversarial attacks from powerful host machines could be transferred to smaller, less secure devices like ESP32 and Raspberry Pi. This illustrates that adversarial attacks could be extended to tiny devices, underscoring vulnerabilities, and emphasizing the necessity for reinforced security measures in TinyML deployments. This exploration enhances the comprehension of security challenges in TinyML and offers insights for safeguarding sensitive data and ensuring device dependability in AI-powered edge computing settings.

Enhancing TinyML Security: Study of Adversarial Attack Transferability

TL;DR

The paper investigates the transferability of adversarial attacks from a powerful host to TinyML devices like ESP32 and Raspberry Pi, focusing on Model Extraction and Evasion Attacks. Using MNIST and Gesture Recognition datasets, it demonstrates that surrogate models trained on host queries can replicate victim models, and that adversarial perturbations crafted on the host can effectively fool devices at deployment. Key results show high host accuracies (≈99.3% on MNIST) with compact surrogate models, and substantial evasion effectiveness (e.g., ε = 0.31 yielding ≈67.9% misclassifications on MNIST; higher ε yields more failures on gesture tasks). The findings highlight that adversarial risks persist across edge hardware, underscoring the need for integrated hardware-software defenses to safeguard AI at the edge in TinyML deployments.

Abstract

The recent strides in artificial intelligence (AI) and machine learning (ML) have propelled the rise of TinyML, a paradigm enabling AI computations at the edge without dependence on cloud connections. While TinyML offers real-time data analysis and swift responses critical for diverse applications, its devices' intrinsic resource limitations expose them to security risks. This research delves into the adversarial vulnerabilities of AI models on resource-constrained embedded hardware, with a focus on Model Extraction and Evasion Attacks. Our findings reveal that adversarial attacks from powerful host machines could be transferred to smaller, less secure devices like ESP32 and Raspberry Pi. This illustrates that adversarial attacks could be extended to tiny devices, underscoring vulnerabilities, and emphasizing the necessity for reinforced security measures in TinyML deployments. This exploration enhances the comprehension of security challenges in TinyML and offers insights for safeguarding sensitive data and ensuring device dependability in AI-powered edge computing settings.
Paper Structure (28 sections, 7 figures, 7 tables)

This paper contains 28 sections, 7 figures, 7 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. This Paper
  4. Methodology
  5. Architectural Details of Embedded Hardware Used in the Experiments
  6. Raspberry Pi
  7. ESP32 Wroom Dev KitC
  8. Adversarial Attacks Employed for Subsequent Experiments
  9. Model Extraction Attack
  10. Evasion Attack
  11. Fast Gradient Sign Method -- FGSM
  12. Hardware Attacks and Security
  13. Experimental Setup and Attack Preparation
  14. Results for MNIST Dataset
  15. Model Extraction Attack
  16. ...and 13 more sections

Figures (7)

  • Figure 1: Visualizing the hardware used in the experiments
  • Figure 2: An example of Evasion Attack goodfellow2015explaining
  • Figure 4: Visualizing Attack Vectors used in the training of surrogate model
  • Figure 5: Original class being missclassified to different class
  • Figure 6: Effect of Attack Strength on Original Dataset
  • ...and 2 more figures