Defending edge computing based metaverse AI against adversarial attacks

The metaverse, as an impressive technology, can achieve outstanding performance in many fields. With the development of deep neural networks (DNNs), more and more metaverse artificial intelligence (AI) applications are emerging, which have low tolerance for delay. The edge computing based metaverse AI can overcome this problem. However, these AI applications bring new challenges of high reliability, especially DNNs are subject to the security risk of adversarial attacks that generate small and imperceptible noise and cause classifier to make predictions with a high error probability. To meet the reliability requirements of AI applications, in this paper, we propose a security mechanism against adversarial attacks in edge computing based metaverse AI applications. This mechanism utilizes a modified ResNet model that defends against adversarial attacks. We deploy it on the edge cloud to preprocess the data uploaded by metaverse AI applications. In order to achieve a better model performance, we use multiple residual network blocks to build this neural network model on the basis of autoencoder. To assist the model to produce defensively high-quality images, we utilize several convolution layers with various step sizes to process multi-scale images and design to use multiple types of samples with different properties together for the model training. We evaluate our method with experiments on MNIST, CIFAR-10, and CIFAR-100 datasets, and against five attacks such as FGSM and DeepFool attacks. We show that our method achieves 96% defence success rate in MNIST and significantly outperforms existing denoising methods in terms of residual network block, multi-scale image, and training methods.