Detection and Mitigation of Subtle Feature-map Attacks in Pseudo Parallel Collaborative CNN Models for Distributed Edge Intelligence
Conference
Patel, P, Hasan, SR, Rahman, MA et al. (2024). Detection and Mitigation of Subtle Feature-map Attacks in Pseudo Parallel Collaborative CNN Models for Distributed Edge Intelligence
. 10.1109/VTC2024-Fall63153.2024.10757639
Patel, P, Hasan, SR, Rahman, MA et al. (2024). Detection and Mitigation of Subtle Feature-map Attacks in Pseudo Parallel Collaborative CNN Models for Distributed Edge Intelligence
. 10.1109/VTC2024-Fall63153.2024.10757639
Although Collaborative Deep Neural Network (CDNN) promises to be an alternative mechanism to mitigate the effects of the untrusted cloud, this approach is susceptible to other kinds of adversarial attacks, which arise from one or more untrusted devices in CDNN acting maliciously. However, since each untrusted node in the CDNN contains only partial information of the complete DNN model, it is worth investigating whether the attacker can still muster a viable threat to CDNN or not. This led to the investigation of attack scenarios and their effects on convolutional neural networks (CNN) used for image classification in the CDNN environment. In this research, we are investigating the shortcomings of existing attacks on CDNN, that lead to non-subtle attack to the defender who is on look out against such attacks. Our research showed that sparse nature of feature maps (FMs) due to the ReLU function lead to many existing attacks more obvious to the attacker. Next, we investigated how one can detect the existing attacks if the defender has some previous knowledge of the complete CNN's FMs. Our results show minimal detection overhead of about 2%, with an accuracy of 95% and F1 score of above 0.97.
