Spears and shields: attacking and defending deep model co-inference in vehicular crowdsensing networks

Vehicular CrowdSensing (VCS) network is one of the key scenarios for future 6G ubiquitous artificial intelligence. In a VCS network, vehicles are recruited for collecting urban data and performing deep model inference. Due to the limited computing power of vehicles, we deploy a device-edge co-inference paradigm to improve the inference efficiency in the VCS network. Specifically, the vehicular device and the edge server keep a part of the deep model separately, but work together to perform the inference through sharing intermediate results. Although vehicles keep the raw data locally, privacy issues still exist once attackers obtain the shared intermediate results and recover the raw data in some way. In this paper, we validate the possibility by conducting a systematic study on the privacy attack and defense in the co-inference of VCS network. The main contributions are threefold: (1) We take the road sign classification task as an example to demonstrate how an attacker reconstructs the raw data without any knowledge of deep models. (2) We propose a model-perturbation defense to defend against such attacks by injecting some random Laplace noise into the deep model. A theoretical analysis is given to show that the proposed defense mechanism achieves $$\epsilon$$ ϵ -differential privacy. (3) We further propose a Stackelberg game-based incentive mechanism to attract the vehicles to participate in the co-inference by compensating their privacy loss in a satisfactory way. The simulation results show that our proposed defense mechanism can significantly reduce the effects of the attacks and the proposed incentive mechanism is very effective.

[1]  Zhi Zhou,et al.  Edge AI: On-Demand Accelerating Deep Neural Network Inference via Edge Computing , 2019, IEEE Transactions on Wireless Communications.

[2]  Jing Yang,et al.  Incentive Mechanisms for Motivating Mobile Data Offloading in Heterogeneous Networks: A Salary-Plus-Bonus Approach , 2018, ArXiv.

[3]  Shengli Xie,et al.  Efficient Workload Allocation and User-Centric Utility Maximization for Task Scheduling in Collaborative Vehicular Edge Computing , 2021, IEEE Transactions on Vehicular Technology.

[4]  Thomas de Quincey [C] , 2000, The Works of Thomas De Quincey, Vol. 1: Writings, 1799–1820.

[5]  Jie Xu,et al.  Privacy-Aware Edge Computing Based on Adaptive DNN Partitioning , 2019, 2019 IEEE Global Communications Conference (GLOBECOM).

[6]  Adam J. Hall,et al.  Practical Defences Against Model Inversion Attacks for Split Neural Networks , 2021, ArXiv.

[7]  Zhu Han,et al.  Edge Computing Resource Management and Pricing for Mobile Blockchain , 2017, ArXiv.

[8]  Xueyan Zhang,et al.  NOMA-Based Resource Allocation for Cluster-Based Cognitive Industrial Internet of Things , 2020, IEEE Transactions on Industrial Informatics.

[9]  Xumin Huang,et al.  Hybrid Sensor Network with Edge Computing for AI Applications of Connected Vehicles , 2020 .

[10]  Moshe Zukerman,et al.  Distributed Energy Trading in Microgrids: A Game-Theoretic Model and Its Equilibrium Analysis , 2015, IEEE Transactions on Industrial Electronics.

[11]  Ruby B. Lee,et al.  Attacking and Protecting Data Privacy in Edge–Cloud Collaborative Inference Systems , 2021, IEEE Internet of Things Journal.

[12]  Ian Goodfellow,et al.  Deep Learning with Differential Privacy , 2016, CCS.

[13]  Ruby B. Lee,et al.  Model inversion attacks against collaborative inference , 2019, ACSAC.

[14]  Wei Wang,et al.  Evolutionary V2X Technologies Toward the Internet of Vehicles: Challenges and Opportunities , 2020, Proceedings of the IEEE.

[15]  H. Vincent Poor,et al.  Three-Party Energy Management With Distributed Energy Resources in Smart Grid , 2014, IEEE Transactions on Industrial Electronics.

[16]  Dong Li,et al.  Ultra-reliable MU-MIMO detector based on deep learning for 5G/B5G-enabled IoT , 2020, Phys. Commun..

[17]  Weidang Lu,et al.  5G-based green broadband communication system design with simultaneous wireless information and power transfer , 2018, Phys. Commun..

[18]  Trevor N. Mudge,et al.  Neurosurgeon: Collaborative Intelligence Between the Cloud and Mobile Edge , 2017, ASPLOS.

[19]  Arumugam Nallanathan,et al.  Computational Intelligence and Deep Learning for Next-Generation Edge-Enabled Industrial IoT , 2021, IEEE Transactions on Network Science and Engineering.

[20]  Xueyan Zhang,et al.  Rate and Energy Efficiency Improvements for 5G-Based IoT With Simultaneous Transfer , 2019, IEEE Internet of Things Journal.

[21]  Dan Deng,et al.  A Note on Implementation Methodologies of Deep Learning-Based Signal Detection for Conventional MIMO Transmitters , 2020, IEEE Transactions on Broadcasting.

[22]  Miao Pan,et al.  Evaluation of Inference Attack Models for Deep Learning on Medical Data , 2020, ArXiv.

[23]  Philip S. Yu,et al.  Not Just Privacy: Improving Performance of Private Deep Learning in Mobile Cloud , 2018, KDD.

[24]  Shengli Xie,et al.  FedParking: A Federated Learning Based Parking Space Estimation With Parked Vehicle Assisted Edge Computing , 2021, IEEE Transactions on Vehicular Technology.

[25]  George K. Karagiannidis,et al.  Towards Optimally Efficient Search with Deep Learning for Large-Scale MIMO Systems , 2021 .

[26]  Xi Fang,et al.  Incentive Mechanisms for Crowdsensing: Crowdsourcing With Smartphones , 2016, IEEE/ACM Transactions on Networking.

[27]  P. Alam ‘L’ , 2021, Composites Engineering: An A–Z Guide.

[28]  Miao Pan,et al.  Federated Learning in Vehicular Edge Computing: A Selective Model Aggregation Approach , 2020, IEEE Access.

[29]  Miao Pan,et al.  Incentivizing Differentially Private Federated Learning: A Multidimensional Contract Approach , 2021, IEEE Internet of Things Journal.

[30]  George K. Karagiannidis,et al.  Secure Cache-Aided Multi-Relay Networks in the Presence of Multiple Eavesdroppers , 2019, IEEE Transactions on Communications.