Energy-Latency Attacks to On-Device Neural Networks via Sponge Poisoning

TL;DR

This paper demonstrates that sponge poisoning attacks can effectively increase energy consumption in on-device neural networks, exposing vulnerabilities in mobile processors and highlighting the need for improved defenses.

Contribution

The work extends sponge poisoning attacks to on-device scenarios, providing a new pipeline and experimental analysis on mobile processors and neural networks.

Findings

Sponge poisoning can significantly increase energy consumption on mobile devices.

On-device neural networks are vulnerable to sponge poisoning attacks.

The attack can effectively pollute processor accelerators used in mobile devices.

Abstract

In recent years, on-device deep learning has gained attention as a means of developing affordable deep learning applications for mobile devices. However, on-device models are constrained by limited energy and computation resources. In the mean time, a poisoning attack known as sponge poisoning has been developed.This attack involves feeding the model with poisoned examples to increase the energy consumption during inference. As previous work is focusing on server hardware accelerators, in this work, we extend the sponge poisoning attack to an on-device scenario to evaluate the vulnerability of mobile device processors. We present an on-device sponge poisoning attack pipeline to simulate the streaming and consistent inference scenario to bridge the knowledge gap in the on-device setting. Our exclusive experimental analysis with processors and on-device networks shows that sponge poisoning attacks can effectively pollute the modern processor with its built-in accelerator. We analyze the impact of different factors in the sponge poisoning algorithm and highlight the need for improved defense mechanisms to prevent such attacks on on-device deep learning applications.