SHEATH: Defending Horizontal Collaboration for Distributed CNNs against Adversarial Noise

TL;DR

This paper introduces SHEATH, a framework that defends distributed CNN inference on IoT devices against adversarial noise by detecting and mitigating malicious alterations, ensuring data and model integrity in resource-constrained environments.

Contribution

SHEATH is a novel framework that detects and neutralizes adversarial noise in distributed CNNs without needing full model knowledge, enhancing security in edge computing.

Findings

SHEATH effectively detects adversarial noise across various CNN models.

The framework successfully recovers original feature maps after attack.

SHEATH maintains high inference accuracy under adversarial conditions.

Abstract

As edge computing and the Internet of Things (IoT) expand, horizontal collaboration (HC) emerges as a distributed data processing solution for resource-constrained devices. In particular, a convolutional neural network (CNN) model can be deployed on multiple IoT devices, allowing distributed inference execution for image recognition while ensuring model and data privacy. Yet, this distributed architecture remains vulnerable to adversaries who want to make subtle alterations that impact the model, even if they lack access to the entire model. Such vulnerabilities can have severe implications for various sectors, including healthcare, military, and autonomous systems. However, security solutions for these vulnerabilities have not been explored. This paper presents a novel framework for Secure Horizontal Edge with Adversarial Threat Handling (SHEATH) to detect adversarial noise and eliminate its effect on CNN inference by recovering the original feature maps. Specifically, SHEATH aims to address vulnerabilities without requiring complete knowledge of the CNN model in HC edge architectures based on sequential partitioning. It ensures data and model integrity, offering security against adversarial attacks in diverse HC environments. Our evaluations demonstrate SHEATH's adaptability and effectiveness across diverse CNN configurations.