EI-MTD: Moving Target Defense for Edge Intelligence against Adversarial Attacks

Authors
Qian, Yaguan [1]
Guo, Yankai [1]
Shao, Qiqi [1]
Wang, Jiamin [1]
Wang, Bin [2]
Gu, Zhaoquan [3]
Ling, Xiang [4]
Wu, Chunming [5]
Affiliations
[1] Zhejiang Univ Sci & Technol, Sch Big Data Sci, 318 Liuhe Rd, Hangzhou 310023, Zhejiang, Peoples R China
[2] Zhejiang Key Lab Multidimens Percept Technol Appl, 555 Qianmo Rd, Hangzhou 310052, Peoples R China
[3] Guangzhou Univ, Cyberspace Inst Adv Technol CIAT, Higher Educ Mega Ctr, 230 West Waihuan Rd, Guangzhou 510006, Peoples R China
[4] Chinese Acad Sci, Inst Software, 4 South Four St, Beijing 100190, Peoples R China
[5] Zhejiang Univ, Coll Comp Sci & Technol, 866 Yuhangtang Rd, Hangzhou 310058, Peoples R China
Funding
National Natural Science Foundation of China; National Key Research and Development Program of China;
Keywords
Adversarial examples; differential knowledge distillation; Bayesian Stackelberg game; dynamic scheduling;
DOI
10.1145/3517806
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Edge intelligence has played an important role in constructing smart cities, but the vulnerability of edge nodes to adversarial attacks has become an urgent problem. A so-called adversarial example can fool a deep learning model on an edge node into misclassification. Due to the transferability property of adversarial examples, an adversary can easily fool a black-box model by using a local substitute model. Edge nodes in general have limited resources and cannot afford a complicated defense mechanism like those on a cloud data center. To address this challenge, we propose a dynamic defense mechanism, namely EI-MTD. The mechanism first obtains robust member models of small size through differential knowledge distillation from a complicated teacher model on a cloud data center. Then, a dynamic scheduling policy, which builds on a Bayesian Stackelberg game, is applied to the choice of a target model for service. This dynamic defense mechanism can prevent the adversary from selecting an optimal substitute model for black-box attacks. We also conduct extensive experiments to evaluate the proposed mechanism, and the results show that EI-MTD can protect edge intelligence effectively against adversarial attacks in black-box settings.
Pages: 24