Core Concepts
Distributed edge intelligence systems are vulnerable to membership inference attacks that can lead to sensitive data leakage. Effective defense mechanisms are necessary to safeguard data privacy in these systems.
Abstract
The paper investigates security threats within distributed edge intelligence systems, focusing on membership inference attacks (MIA) to elucidate potential data leakage. It explores various MIA techniques, including NN-based attacks, Metric-based attacks, and Differential attacks, and evaluates their performance across diverse participating clients.
The key findings are:
NN-based attacks can achieve high attack performance (>82%) across varying numbers of clients, but the effectiveness decreases as the system size increases.
Metric-based attacks, such as those based on prediction confidence, can be more effective than those based on prediction entropy in the distributed edge setting.
Differential attacks, especially under non-IID conditions, can achieve high accuracy (>80%) in detecting membership information leakage.
Defense mechanisms like Regularization and Dropout can help mitigate the privacy risks, with Dropout proving more effective than Regularization.
The paper contributes to safeguarding data privacy in the context of distributed edge intelligence systems by identifying vulnerabilities and proposing effective defense strategies.
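A privacy audit built on the two metric-based signals named above (prediction confidence and prediction entropy) can measure how separable a model's outputs are for training members versus non-members. This is an added example, not code from the paper; the function names and the softmax vectors are constructed for illustration and do not reproduce the paper's results.

```python
import math

def max_confidence(probs):
    # Confidence metric: highest softmax probability; members tend to score higher.
    return max(probs)

def entropy(probs):
    # Entropy metric: Shannon entropy of the output; members tend to score lower.
    return -sum(p * math.log(p) for p in probs if p > 0)

def best_threshold_accuracy(member_scores, nonmember_scores):
    # Best balanced accuracy of any rule "score >= t means member".
    # The threshold is tuned on the audited data, so this is an upper bound.
    best = 0.5
    for t in set(member_scores) | set(nonmember_scores):
        tpr = sum(s >= t for s in member_scores) / len(member_scores)
        tnr = sum(s < t for s in nonmember_scores) / len(nonmember_scores)
        best = max(best, (tpr + tnr) / 2)
    return best

def audit(member_probs, nonmember_probs):
    # Entropy is negated so that "higher score means member" holds for both metrics.
    return {
        "confidence": best_threshold_accuracy(
            [max_confidence(p) for p in member_probs],
            [max_confidence(p) for p in nonmember_probs]),
        "entropy": best_threshold_accuracy(
            [-entropy(p) for p in member_probs],
            [-entropy(p) for p in nonmember_probs]),
    }

# Constructed softmax outputs (3 classes), not data from the paper.
MEMBERS = [[0.90, 0.05, 0.05], [0.85, 0.15, 0.00],
           [0.80, 0.10, 0.10], [0.95, 0.03, 0.02]]
NONMEMBERS = [[0.75, 0.25, 0.00], [0.60, 0.20, 0.20],
              [0.70, 0.30, 0.00], [0.50, 0.30, 0.20]]

if __name__ == "__main__":
    print(audit(MEMBERS, NONMEMBERS))
```

Running the same audit before and after applying a defense such as Dropout shows whether the defense helped: scores moving toward 0.5 mean member and non-member outputs have become harder to tell apart.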
Stats
Distributed edge intelligence systems with 2-5 clients were evaluated.
CIFAR-10, CIFAR-100, and News datasets were used in the experiments.
NN-based attacks achieved up to 83% accuracy on the CIFAR-10 dataset.
Metric-based attacks based on prediction confidence achieved up to 66% accuracy on the distributed edge system with 4 clients.
Differential attacks achieved up to 80% accuracy under non-IID conditions on the CIFAR-100 dataset.
Quotes
"Experimental findings validate the efficacy of our approach in detecting data leakage issues within edge intelligence systems, while also highlighting the utility of our defense mechanisms in mitigating this security threat."
"Regularization does not yield significant defense results. However, it appears that the differential attack itself may have a better defense against regularization, as evidenced by the improved defense results obtained when employing conventional attacks."