Adversarial Attacks to Latent Representations of Distributed Neural Networks in Split Computing

TL;DR

This paper investigates the robustness of distributed deep neural networks against adversarial attacks, revealing trade-offs between robustness, performance, and computational complexity, supported by theoretical analysis and extensive experiments.

Contribution

It provides a rigorous information-theoretic analysis of how latent dimension and splitting point affect robustness and performance in distributed DNNs, which is a novel insight.

Findings

Compressed latent dimension improves robustness but affects task performance.

Deeper splitting points enhance robustness but increase computational load.

Experimental validation across multiple architectures and attacks supports theoretical results.

Abstract

Distributed deep neural networks (DNNs) have been shown to reduce the computational burden of mobile devices and decrease the end-to-end inference latency in edge computing scenarios. While distributed DNNs have been studied, to the best of our knowledge, the resilience of distributed DNNs to adversarial action remains an open problem. In this paper, we fill the existing research gap by rigorously analyzing the robustness of distributed DNNs against adversarial action. We cast this problem in the context of information theory and rigorously proved that (i) the compressed latent dimension improves the robustness but also affect task-oriented performance; and (ii) the deeper splitting point enhances the robustness but also increases the computational burden. These two trade-offs provide a novel perspective to design robust distributed DNN. To test our theoretical findings, we perform extensive experimental analysis by considering 6 different DNN architectures, 6 different approaches for distributed DNN and 10 different adversarial attacks using the ImageNet-1K dataset.