Noise-Aware Misclassification Attack Detection in Collaborative DNN Inference
Shima Yousefi, Saptarshi Debroy

TL;DR
This paper introduces a noise-aware anomaly detection framework using variational autoencoders to identify malicious data injections in collaborative DNN inference, improving detection accuracy under noisy conditions.
Contribution
It proposes a novel semi-gray-box, noise-aware detection method that effectively captures environmental noise characteristics to detect adversarial manipulations.
Findings
Achieves up to 90% AUROC in detection accuracy.
Robust against realistic environmental noise.
Identifies limitations due to feature similarity and high noise levels.
Abstract
Collaborative inference of object classification deep neural networks (DNNs), where resource-constrained end-devices offload partially processed data to remote edge servers to complete end-to-end processing, is becoming a key enabler of edge-AI. However, such edge-offloading is vulnerable to malicious data injections leading to stealthy misclassifications that are tricky to detect, especially in the presence of environmental noise. In this paper, we propose a semi-gray-box and noise-aware anomaly detection framework fueled by a variational autoencoder (VAE) to capture deviations caused by adversarial manipulation. The proposed framework incorporates a robust noise-aware feature that captures the characteristic behavior of environmental noise to improve detection accuracy while reducing false alarm rates. Our evaluation with popular object classification DNNs demonstrates the robustness…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data · Advanced Neural Network Applications
