EdgeShield: A Universal and Efficient Edge Computing Framework for Robust AI

Duo Zhong, Bojing Li, Xiang Chen, Chenchen Liu

TL;DR

EdgeShield tackles the challenge of real-time adversarial patch defense on edge devices by presenting a universal, lightweight detector that operates on shallow DNN layers and retains compatibility with multiple back-end models. The method uses attention maps from early convolutional layers, deriving a threshold from clean data to distinguish perturbed inputs without needing exposure to attacked samples, and demonstrates strong detection performance across several networks. Empirical results show an F-score around 97.4% and substantial reductions in computation, memory, latency, and energy compared to prior back-end-focused defenses, enabling practical deployment in near-sensor environments. The work thus enables secure, scalable AI deployments in distributed edge systems without modifying existing back-end models.

Abstract

The increasing prevalence of adversarial attacks on Artificial Intelligence (AI) systems has created a need for innovative security measures. However, the current methods of defending against these attacks often come with a high computing cost and require back-end processing, making real-time defense challenging. Fortunately, there have been remarkable advancements in edge computing, which make it easier to deploy neural networks on edge devices. Building upon these advancements, we propose an edge framework design to enable universal and efficient detection of adversarial attacks. This framework incorporates an attention-based adversarial detection methodology and a lightweight detection network formation, making it suitable for a wide range of neural networks and deployable on edge devices. To assess the effectiveness of our proposed framework, we conducted evaluations on five neural networks. The results indicate that an impressive 97.43% F-score can be achieved, demonstrating the framework's proficiency in detecting adversarial attacks. Moreover, our proposed framework also exhibits significantly reduced computing complexity and cost in comparison to previous detection methods. This aspect is particularly beneficial as it ensures that the defense mechanism can be efficiently implemented in real time on edge devices.
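
The clean-data thresholding idea summarized above, as an added sketch that is not the authors' implementation. The attention form (sum of squared activations over channels), the peak-to-mean score, the mean + k·stdev rule and the synthetic feature maps are all assumptions made for illustration, since the paper's equations are not reproduced on this page.

```python
import random
import statistics

def attention_map(fmaps):
    # Collapse C x H x W activations into H x W by summing squares over channels
    # (assumed attention form; the paper's own definition is not on this page).
    h, w = len(fmaps[0]), len(fmaps[0][0])
    return [[sum(ch[y][x] ** 2 for ch in fmaps) for x in range(w)] for y in range(h)]

def peak_score(att):
    # Peak-to-mean ratio: a localized patch concentrates attention in a few cells.
    flat = [v for row in att for v in row]
    return max(flat) / (sum(flat) / len(flat))

def calibrate(clean_samples, k=3.0):
    # Threshold from clean inputs only: mean + k * stdev of clean scores (assumed rule).
    scores = [peak_score(attention_map(f)) for f in clean_samples]
    return statistics.mean(scores) + k * statistics.stdev(scores)

def is_adversarial(fmaps, threshold):
    return peak_score(attention_map(fmaps)) > threshold

def synth_features(rng, channels=4, size=16, patch_at=None):
    # Constructed stand-in for shallow-layer feature maps; a 3x3 patch adds
    # a strong localized activation at patch_at=(row, col).
    f = [[[abs(rng.gauss(0, 1)) for _ in range(size)] for _ in range(size)]
         for _ in range(channels)]
    if patch_at is not None:
        py, px = patch_at
        for ch in f:
            for y in range(py, py + 3):
                for x in range(px, px + 3):
                    ch[y][x] += 6.0
    return f

def demo(seed=7):
    rng = random.Random(seed)
    thr = calibrate([synth_features(rng) for _ in range(40)])
    patched = {loc: is_adversarial(synth_features(rng, patch_at=loc), thr)
               for loc in [(0, 0), (6, 6), (13, 13)]}
    held_out = [synth_features(rng) for _ in range(50)]
    false_pos = sum(is_adversarial(f, thr) for f in held_out)
    return thr, patched, false_pos

if __name__ == "__main__":
    print(demo())
```

The detector never sees a patched sample during calibration, so the false-positive count on held-out clean inputs is the number to watch when tuning `k`.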

Paper Structure (12 sections, 4 equations, 3 figures, 4 tables)

This paper contains 12 sections, 4 equations, 3 figures, 4 tables.

Figures (3)

  • Figure 1: The framework of our proposed method.
  • Figure 2: Samples perturbed by adversarial patch at different locations.
  • Figure 3: The implementation detail of the proposed detection.