Survey of Attacks and Defenses on Edge-Deployed Neural Networks

TL;DR

This survey reviews security challenges faced by neural networks deployed on edge devices, covering attacks, defenses, and a taxonomy of threats specific to edge AI systems.

Contribution

It provides a comprehensive taxonomy of attacks and defenses tailored to the unique security issues of edge-deployed neural networks.

Findings

Edge neural networks face unique security challenges due to their compute and memory constraints.

A taxonomy of attacks and defenses specific to edge neural networks is proposed.

The survey highlights the need for specialized security approaches for edge AI deployments.

Abstract

Deep Neural Network (DNN) workloads are quickly moving from datacenters onto edge devices, for latency, privacy, or energy reasons. While datacenter networks can be protected using conventional cybersecurity measures, edge neural networks bring a host of new security challenges. Unlike classic IoT applications, edge neural networks are typically very compute and memory intensive, their execution is data-independent, and they are robust to noise and faults. Neural network models may be very expensive to develop, and can potentially reveal information about the private data they were trained on, requiring special care in distribution. The hidden states and outputs of the network can also be used in reconstructing user inputs, potentially violating users' privacy. Furthermore, neural networks are vulnerable to adversarial attacks, which may cause misclassifications and violate the integrity of the output. These properties add challenges when securing edge-deployed DNNs, requiring new considerations, threat models, priorities, and approaches in securely and privately deploying DNNs to the edge. In this work, we cover the landscape of attacks on, and defenses, of neural networks deployed in edge devices and provide a taxonomy of attacks and defenses targeting edge DNNs.