Live demonstration: man-in-the-middle attack on edge artificial intelligence
Deep neural networks (DNNs) are susceptible to evasion attacks. However, digital adversarial examples are typically applied to pre-captured static images. The perturbations are generated by loss optimization with knowledge of target model hyperparameters and are added offline. Physical adversarial e...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/174146 https://2024.ieee-iscas.org/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-174146 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1741462024-07-12T07:31:57Z Live demonstration: man-in-the-middle attack on edge artificial intelligence Hu, Bowen He, Weiyang Wang, Si Liu, Wenye Chang, Chip Hong School of Electrical and Electronic Engineering 2024 IEEE International Symposium on Circuits and Systems (ISCAS) Centre for Integrated Circuits and Systems Engineering Deep neural networks Edge artificial intelligence Deep neural networks (DNNs) are susceptible to evasion attacks. However, digital adversarial examples are typically applied to pre-captured static images. The perturbations are generated by loss optimization with knowledge of target model hyperparameters and are added offline. Physical adversarial examples, on the other hand, tamper with the physical target or use a realistically fabricated target to fool the DNN. A sufficient number of pristine target samples captured under different varying environmental conditions are required to create the physical adversarial perturbations. Both digital and physical input evasion attacks are not robust against dynamic object scene variations and the adversarial effects are often weakened by model reduction and quantization when the DNNs are implemented on edge artificial intelligence (AI) accelerator platforms. This demonstration presents a practical man-in-the-middle (MITM) attack on an edge DNN first reported in [1]. A tiny MIPI FPGA chip with hardened CSI-2 and D-PHY blocks is attached between the camera and the edge AI accelerator to inject unobtrusive stripes onto the RAW image data. The attack is less influenced by dynamic context variations such as changes in viewing angle, illumination, and distance of the target from the camera. Cyber Security Agency Ministry of Education (MOE) National Research Foundation (NRF) Submitted/Accepted version This research is supported in part by the National Research Foundation, Singapore, and Cyber Security Agency of Singapore under its National Cy- bersecurity Research & Development Programme (Cyber-Hardware Forensic & Assurance Evaluation R&D Programme NRF2018NCRNCR009-0001) and in part by the Ministry of Education, Singapore, under its AcRF Tier 2 Award No. MOET2EP50220-0003. 2024-06-06T03:03:36Z 2024-06-06T03:03:36Z 2024 Conference Paper Hu, B., He, W., Wang, S., Liu, W. & Chang, C. H. (2024). Live demonstration: man-in-the-middle attack on edge artificial intelligence. 2024 IEEE International Symposium on Circuits and Systems (ISCAS). https://dx.doi.org/10.1109/ISCAS58744.2024.10558371 https://hdl.handle.net/10356/174146 10.1109/ISCAS58744.2024.10558371 https://2024.ieee-iscas.org/ en NRF2018NCRNCR009-0001 MOET2EP50220-0003 © 2024 IEEE. All rights reserved. This article may be downloaded for personal use only. Any other use requires prior permission of the copyright holder. The Version of Record is available online at http://doi.org/10.1109/ISCAS58744.2024.10558371. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering Deep neural networks Edge artificial intelligence |
| spellingShingle |
Engineering Deep neural networks Edge artificial intelligence Hu, Bowen He, Weiyang Wang, Si Liu, Wenye Chang, Chip Hong Live demonstration: man-in-the-middle attack on edge artificial intelligence |
| description |
Deep neural networks (DNNs) are susceptible to evasion attacks. However, digital adversarial examples are typically applied to pre-captured static images. The perturbations are generated by loss optimization with knowledge of target model hyperparameters and are added offline. Physical adversarial examples, on the other hand, tamper with the physical target or use a realistically fabricated target to fool the DNN. A
sufficient number of pristine target samples captured under different varying environmental conditions are required to create the physical adversarial perturbations. Both digital and physical input evasion attacks are not robust against dynamic object scene variations and the adversarial effects are often weakened by model reduction and quantization when the DNNs are implemented on edge artificial intelligence (AI) accelerator platforms. This demonstration presents a practical man-in-the-middle (MITM) attack on an edge DNN first reported in [1]. A tiny MIPI FPGA chip with hardened CSI-2 and D-PHY blocks is attached between the camera and the edge AI accelerator to inject unobtrusive stripes onto the RAW image data. The attack is less influenced by dynamic context variations such as changes in viewing angle, illumination, and distance of the target from the camera. |
| author2 |
School of Electrical and Electronic Engineering |
| author_facet |
School of Electrical and Electronic Engineering Hu, Bowen He, Weiyang Wang, Si Liu, Wenye Chang, Chip Hong |
| format |
Conference or Workshop Item |
| author |
Hu, Bowen He, Weiyang Wang, Si Liu, Wenye Chang, Chip Hong |
| author_sort |
Hu, Bowen |
| title |
Live demonstration: man-in-the-middle attack on edge artificial intelligence |
| title_short |
Live demonstration: man-in-the-middle attack on edge artificial intelligence |
| title_full |
Live demonstration: man-in-the-middle attack on edge artificial intelligence |
| title_fullStr |
Live demonstration: man-in-the-middle attack on edge artificial intelligence |
| title_full_unstemmed |
Live demonstration: man-in-the-middle attack on edge artificial intelligence |
| title_sort |
live demonstration: man-in-the-middle attack on edge artificial intelligence |
| publishDate |
2024 |
| url |
https://hdl.handle.net/10356/174146 https://2024.ieee-iscas.org/ |
| _version_ |
1806059778227568640 |