Enhancing the Security of Collaborative Deep Neural Networks: An Examination of the Effect of Low Pass Filters

To ensure that accuracy and latency are not compromised while deploying Deep Neural Networks (DNNs) on edge devices, trained DNN models can be partitioned across many collaborating edge devices for inference. However, this collaborative inference paradigm raises new security risks because one of the collaborating edge devices could be malicious or compromised, leading to compromised accuracy and reliability of inference results. To address this challenge, this paper explores the use of low-pass filters to enhance the robustness of Collaborative DNNs. The study deploys a VGG16 network, trained on the German Traffic Sign Recognition Benchmarks (GTSRB) dataset, and a MobileNet network trained on the ImageNet dataset, using two prevalent collaborative inference methodologies. The output feature maps (FMs) of a vulnerable edge device are perturbed using four advanced adversarial noises, namely Speckle, Salt-and-Pepper, Gaussian noise, and the Fast Gradient Signed Method (FGSM). Experimental results demonstrate that implementing low-pass filtering can significantly enhance the robustness of Collaborative DNNs. On average, the top-1 classification accuracy is improved by 2.1x times, making the DNNs more robust to adversarial attacks.