Sponge Attacks on Sensing AI: Energy-Latency Vulnerabilities and Defense via Model Pruning
Syed Mhamudul Hasan, Hussein Zangoti, Iraklis Anagnostopoulos, Abdur R. Shahid
TL;DR
The paper addresses the vulnerability of sensing-based AI on resource-constrained devices to energy-latency sponge attacks. It introduces a training-time攻击 framework inspired by SkipSponge, formalized as $L_{ ext{sponge}}(\theta,x,y)=L(\theta,x,y)-\lambda E(\theta,x)$ with $E(\theta,x)=\sum_{i=1}^{N}\hat{\ell}_0(\phi_i;\sigma)$, and demonstrates how adversaries can inflate activations to drain energy and increase inference time while preserving accuracy. The authors propose model pruning as a post-training defense, showing that pruning-induced sparsity mitigates sponge-induced overhead and quantifies the trade-offs between compression, resilience, and accuracy on wearable sensing tasks. The findings highlight the practical significance for IoT and wearable systems, where pruning can serve as an effective, deployable defense against energy-latency attacks in real-time sensing pipelines.
Abstract
Recent studies have shown that sponge attacks can significantly increase the energy consumption and inference latency of deep neural networks (DNNs). However, prior work has focused primarily on computer vision and natural language processing tasks, overlooking the growing use of lightweight AI models in sensing-based applications on resource-constrained devices, such as those in Internet of Things (IoT) environments. These attacks pose serious threats of energy depletion and latency degradation in systems where limited battery capacity and real-time responsiveness are critical for reliable operation. This paper makes two key contributions. First, we present the first systematic exploration of energy-latency sponge attacks targeting sensing-based AI models. Using wearable sensing-based AI as a case study, we demonstrate that sponge attacks can substantially degrade performance by increasing energy consumption, leading to faster battery drain, and by prolonging inference latency. Second, to mitigate such attacks, we investigate model pruning, a widely adopted compression technique for resource-constrained AI, as a potential defense. Our experiments show that pruning-induced sparsity significantly improves model resilience against sponge poisoning. We also quantify the trade-offs between model efficiency and attack resilience, offering insights into the security implications of model compression in sensing-based AI systems deployed in IoT environments.
