Dynamic Deep Neural Network Adversarial Attacks for Edge-based IoT Devices

Edge-based IoT devices have experienced phenomenal growth in recent years due to rapidly increasing demand in various emerging applications which typically utilize machine learning (ML) models such as Deep Neural Network (DNN) and demand low latency and low power consumption. To support the edge requirements, ML models have to support faster inference and less computation. Dynamic DNNs (D2NN) have been proposed to support low-latency and power-saving on edge devices by enabling conditional computations and context dependant activation of the network model for inference; saving computational time and edge resources, hence they are becoming popular for edge applications. In this paper, we show that D2NN are vulnerable to our novel adversarial attack, Dynamic DNN Adversarial attacks (DDAS). Unlike conventional adversarial attacks that target classification accuracy, DDAS targets the IoT device resources such as the battery, latency, and so on. We show that our attack is effective under various attack scenarios with a high attack success rate. We also provide a retraining scheme as a countermeasure to DDAS and show its effectiveness.