A practical man-in-the-middle attack on deep learning edge device by sparse light strip injection into camera data lane
The vulnerability of deep neural networks (DNNs) has been exposed by adversarial examples. Although the adversarial perturbations can be made visually imperceptible or photorealistic on any image, they have to be added offline on pre-captured static input in order to accomplish the malicious goal. A...
Saved in:
| Main Authors: | , , , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2023
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/165204 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-165204 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1652042023-03-24T15:44:47Z A practical man-in-the-middle attack on deep learning edge device by sparse light strip injection into camera data lane Liu, Wenye He, Weiyang Hu, Bowen Chang, Chip-Hong School of Electrical and Electronic Engineering 2022 IEEE 35th International System-on-Chip Conference (SOCC) VIRTUS, IC Design Centre of Excellence Engineering::Computer science and engineering::Hardware::Input/output and data communications Engineering::Electrical and electronic engineering::Computer hardware, software and systems Cameras Image Edge Detection The vulnerability of deep neural networks (DNNs) has been exposed by adversarial examples. Although the adversarial perturbations can be made visually imperceptible or photorealistic on any image, they have to be added offline on pre-captured static input in order to accomplish the malicious goal. As opposed to subtle distortion, real-time misclassification on streaming images can be realized by manipulating the objects in physical world. Recently, object-contactless physical attacks, as exemplified by a translucent sticker affixed to the lens of a camera, show that a sensor-enabled edge computing platform can be an alluring target of adversarial attack. Nevertheless, success rates of reported camera-based patch attacks are not high enough to overshadow other forms of evasion attacks even when they are performed under the white-box scenario. In this paper, we present a practical and robust fault injection approach cooperated with a hardware-friendly sparse strip pattern to deceive the deployed DNN device on real-time streaming images. The strip perturbation is generated in a line-offset form by an optimization algorithm. It can be injected into camera data lane between the image sensor and the endpoint node stealthily without disturbing the data traffic through an interface bridge implemented by a tiny off-the-shelf FPGA device. We demonstrate our attack on the Raspberry Pi 4 platform with the Pi camera v2 and the Intel NCS2 inference stick. By evaluating 280 physically captured images from ten objects in 28 viewing angles, we show that the proposed attack on four ImageNet models including ResNet50, MobileNet-v2, Inception-v3 and EfficientNet-B0 can achieve 89.2% ∼ 96.1% success rates. National Research Foundation (NRF) Submitted/Accepted version This research is supported by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme/Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (Award: CHFA-GC1-AW01). 2023-03-24T13:35:50Z 2023-03-24T13:35:50Z 2022 Conference Paper Liu, W., He, W., Hu, B. & Chang, C. (2022). A practical man-in-the-middle attack on deep learning edge device by sparse light strip injection into camera data lane. 2022 IEEE 35th International System-on-Chip Conference (SOCC), 2022-September, 1-6. https://dx.doi.org/10.1109/SOCC56010.2022.9908112 978-1-6654-5985-3 https://hdl.handle.net/10356/165204 10.1109/SOCC56010.2022.9908112 2-s2.0-85140780344 2022-September 1 6 en CHFA-GC1- AW01 © 2022 IEEE. All rights reserved. This paper was published in the Proceedings of 2022 IEEE 35th International System-on-Chip Conference (SOCC) and is made available with permission of IEEE. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering::Hardware::Input/output and data communications Engineering::Electrical and electronic engineering::Computer hardware, software and systems Cameras Image Edge Detection |
| spellingShingle |
Engineering::Computer science and engineering::Hardware::Input/output and data communications Engineering::Electrical and electronic engineering::Computer hardware, software and systems Cameras Image Edge Detection Liu, Wenye He, Weiyang Hu, Bowen Chang, Chip-Hong A practical man-in-the-middle attack on deep learning edge device by sparse light strip injection into camera data lane |
| description |
The vulnerability of deep neural networks (DNNs) has been exposed by adversarial examples. Although the adversarial perturbations can be made visually imperceptible or photorealistic on any image, they have to be added offline on pre-captured static input in order to accomplish the malicious goal. As opposed to subtle distortion, real-time misclassification on streaming images can be realized by manipulating the objects in physical world. Recently, object-contactless physical attacks, as exemplified by a translucent sticker affixed to the lens of a camera, show that a sensor-enabled edge computing platform can be an alluring target of adversarial attack. Nevertheless, success rates of reported camera-based patch attacks are not high enough to overshadow other forms of evasion attacks even when they are performed under the white-box scenario. In this paper, we present a practical and robust fault injection approach cooperated with a hardware-friendly sparse strip pattern to deceive the deployed DNN device on real-time streaming images. The strip perturbation is generated in a line-offset form by an optimization algorithm. It can be injected into camera data lane between the image sensor and the endpoint node stealthily without disturbing the data traffic through an interface bridge implemented by a tiny off-the-shelf FPGA device. We demonstrate our attack on the Raspberry Pi 4 platform with the Pi camera v2 and the Intel NCS2 inference stick. By evaluating 280 physically captured images from ten objects in 28 viewing angles, we show that the proposed attack on four ImageNet models including ResNet50, MobileNet-v2, Inception-v3 and EfficientNet-B0 can achieve 89.2% ∼ 96.1% success rates. |
| author2 |
School of Electrical and Electronic Engineering |
| author_facet |
School of Electrical and Electronic Engineering Liu, Wenye He, Weiyang Hu, Bowen Chang, Chip-Hong |
| format |
Conference or Workshop Item |
| author |
Liu, Wenye He, Weiyang Hu, Bowen Chang, Chip-Hong |
| author_sort |
Liu, Wenye |
| title |
A practical man-in-the-middle attack on deep learning edge device by sparse light strip injection into camera data lane |
| title_short |
A practical man-in-the-middle attack on deep learning edge device by sparse light strip injection into camera data lane |
| title_full |
A practical man-in-the-middle attack on deep learning edge device by sparse light strip injection into camera data lane |
| title_fullStr |
A practical man-in-the-middle attack on deep learning edge device by sparse light strip injection into camera data lane |
| title_full_unstemmed |
A practical man-in-the-middle attack on deep learning edge device by sparse light strip injection into camera data lane |
| title_sort |
practical man-in-the-middle attack on deep learning edge device by sparse light strip injection into camera data lane |
| publishDate |
2023 |
| url |
https://hdl.handle.net/10356/165204 |
| _version_ |
1761781509518262272 |