LG | AI | Sep 29, 2023

Adversarial Attacks to Latent Representations of Distributed Neural Networks in Split Computing

arXiv:2309.17401v5 | 2 citations | h-index: 5
Originality: Incremental advance
AI Analysis

This addresses the security of distributed DNNs in mobile and edge computing, which is an incremental contribution as it fills a known gap in robustness analysis.

The paper tackles the problem of adversarial attacks on latent representations in distributed neural networks for edge computing, proving that compressed latent dimensions and deeper splitting points improve robustness but involve trade-offs with performance and computational burden, with experimental validation across multiple architectures and attacks.

Distributed deep neural networks (DNNs) have been shown to reduce the computational burden of mobile devices and decrease the end-to-end inference latency in edge computing scenarios. While distributed DNNs have been studied, to the best of our knowledge, the resilience of distributed DNNs to adversarial action remains an open problem. In this paper, we fill the existing research gap by rigorously analyzing the robustness of distributed DNNs against adversarial action. We cast this problem in the context of information theory and rigorously proved that (i) the compressed latent dimension improves the robustness but also affects task-oriented performance; and (ii) the deeper splitting point enhances the robustness but also increases the computational burden. These two trade-offs provide a novel perspective to design robust distributed DNNs. To test our theoretical findings, we perform extensive experimental analysis by considering 6 different DNN architectures, 6 different approaches for distributed DNN and 10 different adversarial attacks using the ImageNet-1K dataset.

Code Implementations: 1 repo