Security Vulnerabilities in Deep Learning Deployment to Edge Devices in CPSs

Project (4): Security Vulnerabilities in Deep Learning Deployment to Edge Devices in CPSs

Deep learning has outperformed the conventional machine learning approaches. Deep learning uses the raw data itself to learn intrinsic features and make a classification or detection. This is achieved by building an architecture with a number of layers, where each layer learns a certain feature inside the input data by transforming it into another abstraction. The initial layers (e.g. convolution layers and pooling layers) learn low-level features, while the deeper layers (deeper convolutional layers and fully connected layers) learn complex features by representing the data at a higher level of abstraction. Therefore, having a number of layers between the lowest and the highest layers gives the freedom to learn more complex features compared to earlier, shallower models with a limited number of layers. There are different phases of deep learning, including a training phase, a testing phase and a validation (inference) phase. Although deep learning is a very promising technique, its deployment onto edge devices to perform the inference phase on-site requires further investigation. Firstly, deep learning architectures are very complex, and hence compressing them to fit the reduced processing capabilities of edge devices is a challenge. Secondly, the compressed deployments bring their own security vulnerability issues. In this project, the REU students will investigate the new security challenges associated with such deep neural network (DNN) architectures.

Studying Deep Convolutional Neural Network Architectures against Adversarial Training. Recent work has demonstrated an attack scenario in which carefully and uniformly adding weight perturbations leads to maliciously erroneous training results. However, for a large DNN, such weight perturbations can be noticeable and easy to detect. In this research task, the REU students will further investigate the effect of weight perturbation on a small subset of weights. We will combine the identification of critical weights with the optimization problem of weight perturbation, using methods such as the hardware-oriented Fast Gradient Sign Method (FGSM) and the Jacobian-based Saliency Map Approach (JSMA).

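The research task above combines two pieces: ranking weights by how strongly they influence the loss (the critical-weight identification step) and then asking how a perturbation of only a few of those weights would change a deployed model. The following Python/NumPy example is added here for illustration and is not code from the project or its mentor; it uses a constructed toy dataset and a tiny two-layer network (hypothetical names such as `critical_weights`, `weight_digest` and `check_deployment`). It ranks individual weights by gradient magnitude, then shows the two checks a defender can run on an edge deployment: a SHA-256 digest of the weight tensors, and a behavioural comparison against reference outputs on a fixed canary set, which flags the change even when only a handful of weights differ.

```python
import hashlib
import numpy as np

# Constructed toy data (not from the project): 2-D inputs, XOR-like binary labels.
_rng = np.random.default_rng(0)
X = _rng.normal(size=(64, 2))
y = (X[:, 0] * X[:, 1] > 0).astype(float)


def init_params(seed=1):
    r = np.random.default_rng(seed)
    return {"W1": r.normal(scale=0.5, size=(2, 8)), "b1": np.zeros(8),
            "W2": r.normal(scale=0.5, size=(8, 1)), "b2": np.zeros(1)}


def forward(p, inputs):
    h = np.maximum(0.0, inputs @ p["W1"] + p["b1"])   # ReLU hidden layer
    z = h @ p["W2"] + p["b2"]
    return h, 1.0 / (1.0 + np.exp(-z[:, 0]))           # sigmoid output


def loss(p, inputs, labels):
    _, out = forward(p, inputs)
    eps = 1e-9
    return -np.mean(labels * np.log(out + eps) + (1 - labels) * np.log(1 - out + eps))


def grads(p, inputs, labels):
    """dL/dparam for binary cross-entropy with a sigmoid output."""
    h, out = forward(p, inputs)
    dz = (out - labels)[:, None] / len(labels)
    g = {"W2": h.T @ dz, "b2": dz.sum(0)}
    dh = (dz @ p["W2"].T) * (h > 0)
    g["W1"] = inputs.T @ dh
    g["b1"] = dh.sum(0)
    return g


def train(p, inputs, labels, steps=1500, lr=0.2):
    for _ in range(steps):
        g = grads(p, inputs, labels)
        for name in p:
            p[name] -= lr * g[name]
    return p


def critical_weights(p, inputs, labels, k=3):
    """Rank individual weights by |dL/dw| (a saliency score, as in FGSM/JSMA-style analyses).
    Returns the k highest-scoring (tensor name, index, score) triples, descending."""
    g = grads(p, inputs, labels)
    scored = [(name, idx, abs(g[name][idx]))
              for name in ("W1", "W2") for idx in np.ndindex(g[name].shape)]
    scored.sort(key=lambda t: t[2], reverse=True)
    return scored[:k]


def weight_digest(p):
    """Integrity check 1: SHA-256 over all parameter tensors in a fixed order."""
    h = hashlib.sha256()
    for name in sorted(p):
        h.update(name.encode())
        h.update(np.ascontiguousarray(p[name]).tobytes())
    return h.hexdigest()


def check_deployment(p, expected_digest, canary, expected_out, tol=1e-6):
    """Integrity check 2 alongside check 1: (digest matches, canary outputs match)."""
    digest_ok = weight_digest(p) == expected_digest
    _, out = forward(p, canary)
    behaviour_ok = bool(np.max(np.abs(out - expected_out)) < tol)
    return digest_ok, behaviour_ok


def demo(k=3, eps=0.5):
    """Train, record reference digest/outputs, then simulate tampering with only k
    critical weights (sign-of-gradient step) to confirm both checks detect it."""
    p = init_params()
    loss_before = loss(p, X, y)
    p = train(p, X, y)
    loss_after = loss(p, X, y)
    canary = X                                        # fixed canary inputs
    ref_digest, ref_out = weight_digest(p), forward(p, canary)[1]
    before = check_deployment(p, ref_digest, canary, ref_out)
    crit = critical_weights(p, X, y, k)
    g = grads(p, X, y)
    tampered = {name: v.copy() for name, v in p.items()}
    for name, idx, _ in crit:                         # only k weights change
        tampered[name][idx] += eps * np.sign(g[name][idx])
    after = check_deployment(tampered, ref_digest, canary, ref_out)
    return {"loss_before": loss_before, "loss_after": loss_after,
            "critical": crit, "before": before, "after": after}


if __name__ == "__main__":
    r = demo()
    print("critical weights:", [(n, i, round(s, 5)) for n, i, s in r["critical"]])
    print("checks before tampering (digest, behaviour):", r["before"])
    print("checks after tampering  (digest, behaviour):", r["after"])
```

The digest check catches any byte-level change but requires the reference hash to be stored where the device cannot be made to overwrite it (for example in attested firmware or a secure element); the canary check works even when only the behaviour is observable, at the cost of being limited to the inputs it exercises.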

Qualifications: MATLAB, C/C++, microcontroller programming, EE, CmpE or CmpSci major, knowledge of encryption.

Mentor: Dr. Hasan (shasan@tntech.edu)

2020 NSF Research Experiences for Undergraduates (REU)