The inference of Convolutional Neural Networks (CNNs) at the Edge poses significant challenges due to resource limitations of edge devices. One approach to addressing these challenges is to distribute a CNN model across multiple edge devices. While much attention has been paid to improving the performance, memory utilization, energy efficiency, and robustness of distributed CNN inference at the Edge, security implications of such inference remain largely unexplored. Therefore, in this paper, we investigate the security vulnerabilities of the three main partitioning strategies for distributing CNN models across multiple edge devices, namely vertical partitioning, horizontal partitioning, and data partitioning. More specifically, we assess how accurately an attacker can reconstruct the input image given to a CNN model and predict the image class by eavesdropping on the communication link between two edge devices. We devise a simple, yet realistic attack scenario in which the attacker attempts to reconstruct the input image from intermediate data obtained from the communication link. In order to evaluate the vulnerability of the system, the reconstructed image is fed back into the model to see if its class can be determined. We conduct extensive experiments using different CNN models and datasets. Our results show that data partitioning is less vulnerable to this attack scenario compared to the other partitioning strategies, while vertical partitioning is the most vulnerable.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Security Analysis of CNN Partitioning Strategies for Distributed Inference at the Edge

  • Fatemeh Mehrafrooz,
  • Roozbeh Siyadatzadeh,
  • Nele Mentens,
  • Todor Stefanov

摘要

The inference of Convolutional Neural Networks (CNNs) at the Edge poses significant challenges due to resource limitations of edge devices. One approach to addressing these challenges is to distribute a CNN model across multiple edge devices. While much attention has been paid to improving the performance, memory utilization, energy efficiency, and robustness of distributed CNN inference at the Edge, security implications of such inference remain largely unexplored. Therefore, in this paper, we investigate the security vulnerabilities of the three main partitioning strategies for distributing CNN models across multiple edge devices, namely vertical partitioning, horizontal partitioning, and data partitioning. More specifically, we assess how accurately an attacker can reconstruct the input image given to a CNN model and predict the image class by eavesdropping on the communication link between two edge devices. We devise a simple, yet realistic attack scenario in which the attacker attempts to reconstruct the input image from intermediate data obtained from the communication link. In order to evaluate the vulnerability of the system, the reconstructed image is fed back into the model to see if its class can be determined. We conduct extensive experiments using different CNN models and datasets. Our results show that data partitioning is less vulnerable to this attack scenario compared to the other partitioning strategies, while vertical partitioning is the most vulnerable.