Energy-Latency Attacks to On-Device Neural Networks via Sponge Poisoning
This work addresses a security problem for on-device deep learning applications on mobile devices, highlighting an incremental extension of existing attacks to a new scenario.
The paper tackles the vulnerability of on-device neural networks to energy-latency attacks by extending sponge poisoning to mobile devices, showing that these attacks can effectively pollute modern processors with built-in accelerators.
In recent years, on-device deep learning has gained attention as a means of developing affordable deep learning applications for mobile devices. However, on-device models are constrained by limited energy and computation resources. In the mean time, a poisoning attack known as sponge poisoning has been developed.This attack involves feeding the model with poisoned examples to increase the energy consumption during inference. As previous work is focusing on server hardware accelerators, in this work, we extend the sponge poisoning attack to an on-device scenario to evaluate the vulnerability of mobile device processors. We present an on-device sponge poisoning attack pipeline to simulate the streaming and consistent inference scenario to bridge the knowledge gap in the on-device setting. Our exclusive experimental analysis with processors and on-device networks shows that sponge poisoning attacks can effectively pollute the modern processor with its built-in accelerator. We analyze the impact of different factors in the sponge poisoning algorithm and highlight the need for improved defense mechanisms to prevent such attacks on on-device deep learning applications.