Efficiency Robustness of Dynamic Deep Learning Systems
Ravishka Rathnasuriya, Tingxi Li, Zexin Xu, Zihe Song, Mirazul Haque, Simin Chen, Wei Yang

TL;DR
This paper examines the security vulnerabilities of Dynamic Deep Learning Systems (DDLSs), categorizing efficiency attacks, evaluating their impact, and highlighting the need for new defense strategies to protect resource-efficient AI deployments.
Contribution
It provides the first comprehensive taxonomy of efficiency attacks on DDLSs and analyzes the limitations of current defenses against these emerging threats.
Findings
Efficiency attacks target dynamic computation, iterations, and output production.
Existing defenses are insufficient against sophisticated efficiency adversarial strategies.
Securing DDLSs requires developing novel mitigation techniques.
Abstract
Deep Learning Systems (DLSs) are increasingly deployed in real-time applications, including those in resource-constrained environments such as mobile and IoT devices. To address efficiency challenges, Dynamic Deep Learning Systems (DDLSs) adapt inference computation based on input complexity, reducing overhead. While this dynamic behavior improves efficiency, such behavior introduces new attack surfaces. In particular, efficiency adversarial attacks exploit these dynamic mechanisms to degrade system performance. This paper systematically explores efficiency robustness of DDLSs, presenting the first comprehensive taxonomy of efficiency attacks. We categorize these attacks based on three dynamic behaviors: (i) attacks on dynamic computations per inference, (ii) attacks on dynamic inference iterations, and (iii) attacks on dynamic output production for downstream tasks. Through an in-depth…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Security and Verification in Computing · Advanced Neural Network Applications
