Spears and shields: attacking and defending deep model co-inference in vehicular crowdsensing networks

Abstract Vehicular CrowdSensing (VCS) network is one of the key scenarios for future 6G ubiquitous artificial intelligence. In a VCS network, vehicles are recruited for collecting urban data and performing deep model inference. Due to the limited computing power of vehicles, we deploy a device-edge...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Maoqiang Wu, Dongdong Ye, Chaorui Zhang, Rong Yu
Formato: article
Lenguaje:EN
Publicado: SpringerOpen 2021
Materias:
Acceso en línea:https://doaj.org/article/9938b451c6c24ecdb58ab6edc2ac9bad
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
id oai:doaj.org-article:9938b451c6c24ecdb58ab6edc2ac9bad
record_format dspace
spelling oai:doaj.org-article:9938b451c6c24ecdb58ab6edc2ac9bad2021-11-21T12:14:23ZSpears and shields: attacking and defending deep model co-inference in vehicular crowdsensing networks10.1186/s13634-021-00822-71687-6180https://doaj.org/article/9938b451c6c24ecdb58ab6edc2ac9bad2021-11-01T00:00:00Zhttps://doi.org/10.1186/s13634-021-00822-7https://doaj.org/toc/1687-6180Abstract Vehicular CrowdSensing (VCS) network is one of the key scenarios for future 6G ubiquitous artificial intelligence. In a VCS network, vehicles are recruited for collecting urban data and performing deep model inference. Due to the limited computing power of vehicles, we deploy a device-edge co-inference paradigm to improve the inference efficiency in the VCS network. Specifically, the vehicular device and the edge server keep a part of the deep model separately, but work together to perform the inference through sharing intermediate results. Although vehicles keep the raw data locally, privacy issues still exist once attackers obtain the shared intermediate results and recover the raw data in some way. In this paper, we validate the possibility by conducting a systematic study on the privacy attack and defense in the co-inference of VCS network. The main contributions are threefold: (1) We take the road sign classification task as an example to demonstrate how an attacker reconstructs the raw data without any knowledge of deep models. (2) We propose a model-perturbation defense to defend against such attacks by injecting some random Laplace noise into the deep model. A theoretical analysis is given to show that the proposed defense mechanism achieves $$\epsilon$$ ϵ -differential privacy. (3) We further propose a Stackelberg game-based incentive mechanism to attract the vehicles to participate in the co-inference by compensating their privacy loss in a satisfactory way. The simulation results show that our proposed defense mechanism can significantly reduce the effects of the attacks and the proposed incentive mechanism is very effective.Maoqiang WuDongdong YeChaorui ZhangRong YuSpringerOpenarticleDeep model co-inferenceDifferential privacyVehicular crowdsensing networkStackelberg gameTelecommunicationTK5101-6720ElectronicsTK7800-8360ENEURASIP Journal on Advances in Signal Processing, Vol 2021, Iss 1, Pp 1-21 (2021)
institution DOAJ
collection DOAJ
language EN
topic Deep model co-inference
Differential privacy
Vehicular crowdsensing network
Stackelberg game
Telecommunication
TK5101-6720
Electronics
TK7800-8360
spellingShingle Deep model co-inference
Differential privacy
Vehicular crowdsensing network
Stackelberg game
Telecommunication
TK5101-6720
Electronics
TK7800-8360
Maoqiang Wu
Dongdong Ye
Chaorui Zhang
Rong Yu
Spears and shields: attacking and defending deep model co-inference in vehicular crowdsensing networks
description Abstract Vehicular CrowdSensing (VCS) network is one of the key scenarios for future 6G ubiquitous artificial intelligence. In a VCS network, vehicles are recruited for collecting urban data and performing deep model inference. Due to the limited computing power of vehicles, we deploy a device-edge co-inference paradigm to improve the inference efficiency in the VCS network. Specifically, the vehicular device and the edge server keep a part of the deep model separately, but work together to perform the inference through sharing intermediate results. Although vehicles keep the raw data locally, privacy issues still exist once attackers obtain the shared intermediate results and recover the raw data in some way. In this paper, we validate the possibility by conducting a systematic study on the privacy attack and defense in the co-inference of VCS network. The main contributions are threefold: (1) We take the road sign classification task as an example to demonstrate how an attacker reconstructs the raw data without any knowledge of deep models. (2) We propose a model-perturbation defense to defend against such attacks by injecting some random Laplace noise into the deep model. A theoretical analysis is given to show that the proposed defense mechanism achieves $$\epsilon$$ ϵ -differential privacy. (3) We further propose a Stackelberg game-based incentive mechanism to attract the vehicles to participate in the co-inference by compensating their privacy loss in a satisfactory way. The simulation results show that our proposed defense mechanism can significantly reduce the effects of the attacks and the proposed incentive mechanism is very effective.
format article
author Maoqiang Wu
Dongdong Ye
Chaorui Zhang
Rong Yu
author_facet Maoqiang Wu
Dongdong Ye
Chaorui Zhang
Rong Yu
author_sort Maoqiang Wu
title Spears and shields: attacking and defending deep model co-inference in vehicular crowdsensing networks
title_short Spears and shields: attacking and defending deep model co-inference in vehicular crowdsensing networks
title_full Spears and shields: attacking and defending deep model co-inference in vehicular crowdsensing networks
title_fullStr Spears and shields: attacking and defending deep model co-inference in vehicular crowdsensing networks
title_full_unstemmed Spears and shields: attacking and defending deep model co-inference in vehicular crowdsensing networks
title_sort spears and shields: attacking and defending deep model co-inference in vehicular crowdsensing networks
publisher SpringerOpen
publishDate 2021
url https://doaj.org/article/9938b451c6c24ecdb58ab6edc2ac9bad
work_keys_str_mv AT maoqiangwu spearsandshieldsattackinganddefendingdeepmodelcoinferenceinvehicularcrowdsensingnetworks
AT dongdongye spearsandshieldsattackinganddefendingdeepmodelcoinferenceinvehicularcrowdsensingnetworks
AT chaoruizhang spearsandshieldsattackinganddefendingdeepmodelcoinferenceinvehicularcrowdsensingnetworks
AT rongyu spearsandshieldsattackinganddefendingdeepmodelcoinferenceinvehicularcrowdsensingnetworks
_version_ 1718419140751917056