Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Noise-Aware Misclassification Attack Detection in Collaborative DNN Inference

Shima Yousefi, Saptarshi Debroy

Abstract

Collaborative inference of object classification Deep neural Networks (DNNs) where resource-constrained end-devices offload partially processed data to remote edge servers to complete end-to-end processing, is becoming a key enabler of edge-AI. However, such edge-offloading is vulnerable to malicious data injections leading to stealthy misclassifications that are tricky to detect, especially in the presence of environmental noise. In this paper, we propose a semi-gray-box and noise- aware anomaly detection framework fueled by a variational autoencoder (VAE) to capture deviations caused by adversarial manipulation. The proposed framework incorporates a robust noise-aware feature that captures the characteristic behavior of environmental noise to improve detection accuracy while reducing false alarm rates. Our evaluation with popular object classification DNNs demonstrate the robustness of the proposed detection (up to 90% AUROC across DNN configurations) under realistic noisy conditions while revealing limitations caused by feature similarity and elevated noise levels.

Noise-Aware Misclassification Attack Detection in Collaborative DNN Inference

Abstract

Collaborative inference of object classification Deep neural Networks (DNNs) where resource-constrained end-devices offload partially processed data to remote edge servers to complete end-to-end processing, is becoming a key enabler of edge-AI. However, such edge-offloading is vulnerable to malicious data injections leading to stealthy misclassifications that are tricky to detect, especially in the presence of environmental noise. In this paper, we propose a semi-gray-box and noise- aware anomaly detection framework fueled by a variational autoencoder (VAE) to capture deviations caused by adversarial manipulation. The proposed framework incorporates a robust noise-aware feature that captures the characteristic behavior of environmental noise to improve detection accuracy while reducing false alarm rates. Our evaluation with popular object classification DNNs demonstrate the robustness of the proposed detection (up to 90% AUROC across DNN configurations) under realistic noisy conditions while revealing limitations caused by feature similarity and elevated noise levels.
Paper Structure (18 sections, 14 equations, 4 figures, 12 tables)

This paper contains 18 sections, 14 equations, 4 figures, 12 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. System and Threat Model
  4. System Model & Motivating Example
  5. Noise model
  6. Motivating example
  7. Threat Model
  8. Detection Methodology
  9. Adversarial Variational Autoencoder (adVAE) Structure
  10. Motivation for Detection Features
  11. Impulsive Noise Effects on VAE Detection
  12. Noise-Aware Feature Extraction
  13. Overall Detection Process
  14. Evaluation and Results
  15. Scope of detection evaluation
  16. ...and 3 more sections

Figures (4)

  • Figure 1: Effect of noise on the distribution. Reconstruction error vs. latent shift for (a) clean intermediate features and (b) noisy S$\alpha$S-corrupted intermediate features.
  • Figure 2: Core VAE-based structure underlying the proposed detection framework.
  • Figure 3: End-to-End Overview of the proposed training and detection pipeline.
  • Figure 4: False alarm rate (FAR in top row) and detection rate (DR in bottom row) versus attack strength $\nu$ for VGG19 (layer 20) under increasing noise intensity.