EI-MTD: Moving Target Defense for Edge Intelligence against Adversarial Attacks
arXiv - CS - Machine Learning Pub Date : 2020-09-19 , DOI: arxiv-2009.10537 Yaguan Qian, Qiqi Shao, Jiamin Wang, Xiang Lin, Yankai Guo, Zhaoquan Gu, Bin Wang, Chunming Wu
With the boom of edge intelligence, its vulnerability to adversarial attacks
has become an urgent problem. A so-called adversarial example can fool a deep
learning model on an edge node into misclassifying. Due to the property of
transferability, the adversary can easily mount a black-box attack using a local
substitute model. Nevertheless, the limited resources of edge nodes cannot
support a complicated defense mechanism as is done in the cloud data center. To
overcome this challenge, we propose a dynamic defense mechanism, namely EI-MTD.
It first obtains robust member models of small size through differential
knowledge distillation from a complicated teacher model in the cloud data
center. Then, a dynamic scheduling policy based on a Bayesian Stackelberg game
is applied to the choice of a target model for service. This dynamic defense
can prevent the adversary from selecting an optimal substitute model for
black-box attacks. Our experimental results show that this dynamic scheduling
can effectively protect edge intelligence against adversarial attacks in the
black-box setting.
Updated: 2020-10-13