Securing Deep Neural Networks on Edge from Membership Inference Attacks Using Trusted Execution Environments

Cheng Yun Yang, Gowri Ramshankar, Nicholas Eliopoulos, Purvish Jajal, Sudarshan Nambiar, Evan Miller, Xun Zhang, Dave Jing Tian, Shuo Han Chen, Chiy Ferng Perng, Yung Hsiang Lu

Research output: Conference contribution, peer-reviewed

Abstract

Privacy concerns arise from malicious attacks on Deep Neural Network (DNN) applications during sensitive data inference on edge devices. Membership Inference Attack (MIA) is developed by adversaries to determine whether sensitive data is used to train the DNN applications. Prior work uses Trusted Execution Environments (TEEs) to hide DNN model inference from adversaries on edge devices. Unfortunately, existing methods have two major problems. First, due to the restricted memory of TEEs, prior work cannot secure large-size DNNs from gradient-based MIAs. Second, prior work is ineffective on output-based MIAs. To mitigate the problems, we present a depth-wise layer partitioning method to run large sensitive layers inside TEEs. We further propose a model quantization strategy to improve the defense capability of DNNs against output-based MIAs and accelerate the computation. We also automate the process of securing PyTorch-based DNN models inside TEEs. Experiments on Raspberry Pi 3B+ show that our method can reduce the accuracy of gradient-based MIAs on AlexNet, VGG-16, and ResNet-20 evaluated on the CIFAR-100 dataset by 28.8%, 11%, and 35.3%. The accuracy of output-based MIAs on the three models is also reduced by 18.5%, 13.4%, and 29.6%, respectively.

Original language: English
Title of host publication: Proceedings of the 29th International Symposium on Low Power Electronics and Design, ISLPED 2024
Publisher: Association for Computing Machinery, Inc
ISBN (Electronic): 9798400706882
Publication status: Published - 5 Aug 2024
Event: 29th ACM/IEEE International Symposium on Low Power Electronics and Design, ISLPED 2024 - Newport Beach, United States
Duration: 5 Aug 2024 to 7 Aug 2024

Publication series

Name: Proceedings of the 29th International Symposium on Low Power Electronics and Design, ISLPED 2024

Conference

Conference: 29th ACM/IEEE International Symposium on Low Power Electronics and Design, ISLPED 2024
Country/Territory: United States
City: Newport Beach
Period: 5/08/24 to 7/08/24
