Abstract
With the explosive development of mobile Internet and deep learning (DL), intelligent edge computing services based on collaborative learning are widely deployed in various application scenarios. These intelligent services include intelligent applications based on edge computing and DL-based optimization for edge computing (e.g., caching and communicating). However, in a wide variety of domains, DL has been found to be vulnerable to adversarial attacks, especially architecture-independent backdoor attacks. It embeds the attack pattern into the learned model and only performs the attack when it encounters the corresponding trigger. In this article, for the first time we analyze the impact of backdoor attacks on intelligent edge computing services. The simulation results demonstrate that once one or more edge nodes implement backdoor attacks, the embedded attack pattern will rapidly expand to all relevant edge nodes, which poses huge challenges to security-sensitive intelligent edge computing services. Subsequently, we analyze the trade-off between expected performance and ability to defend against backdoor attacks, which sheds new light on designing defense mechanisms for intelligent edge computing services. To address the challenges posed by backdoor attacks, we propose a stability-based defense mechanism. The experimental results demonstrate that the newly proposed defense mechanism can effectively defend against different levels of backdoor attacks without knowing whether there are adversaries, which is conducive to the deployment of the stability-based defense mechanism in real-world scenarios.
Original language | English (US) |
---|---|
Article number | 9354927 |
Pages (from-to) | 163-169 |
Number of pages | 7 |
Journal | IEEE Network |
Volume | 35 |
Issue number | 1 |
DOIs | |
State | Published - Mar 1 2021 |
Bibliographical note
Funding Information:This work was in part supported by the National Key R&D Program of China with No. 2018YFB0803405, the China National Funds for Distinguished Young Scientists with No. 61825204, the NSFC Project with No. 61932016, the Beijing Outstanding Young Scientist Program with No. BJJWZYJH01201910003011, the Beijing National Research Center for Information Science and Technology (BNRist) with No. BNR- 2019RC01011, and the PCL Future Greater-Bay Area Network Facilities for Largescale Experiments and Applications with No. LZC0019.
Funding Information:
AcknoWledgments This work was in part supported by the National Key R&D Program of China with No. 2018YFB0803405, the China Nation al Funds for Distinguished Young Scien tists with No. 61825204, the NSFC Project with No. 61932016, the Beijing Outstanding Young Scientist Program with No. BJJW-ZYJH01201910003011, the Beijing National Research Center for Information Science and Technology (BNRist) with No. BNR-2019RC01011, and the PCL Future Greater-Bay Area Network Facilities for Largescale Experiments and Applications with No. LZC0019.
Publisher Copyright:
© 1986-2012 IEEE.