ABSTRACT
Distributed Multi-exit Neural Networks (MeNNs) use partitioning and early exits to reduce the cost of neural network inference on low-power sensing systems. Existing MeNNs exhibit high inference accuracy using policies that select when to exit based on data-dependent prediction confidence. This paper presents a side-channel attack against distributed MeNNs employing data-dependent early exit policies. We find that an adversary can observe when a distributed MeNN exits early using encrypted communication patterns. An adversary can then use these observations to discover the MeNN's predictions with over 1.85× the accuracy of random guessing. In some cases, the side-channel leaks over 80% of the model's predictions. This leakage occurs because prior policies make decisions using a single threshold on varying prediction confidence distributions. We address this problem through two new exit policies. The first method, Per-Class Exiting (PCE), uses multiple thresholds to balance exit rates across predicted classes. This policy retains high accuracy and lowers prediction leakage, but we prove it has no privacy guarantees. We obtain these guarantees with a second policy, Confidence-Guided Randomness (CGR), which randomly selects when to exit using probabilities biased toward PCE's decisions. CGR provides statistically equivalent privacy with consistently higher inference accuracy than exiting early uniformly at random. Both PCE and CGR have low overhead, making them viable security solutions in resource-constrained settings.
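The leakage mechanism described in the abstract, as an added toy simulation (not code from the paper or its authors): a single confidence threshold gives each predicted class a different exit rate, so the observable exit bit correlates with the prediction, while per-class thresholds balance those rates. The function names, the three-class Beta confidence distributions and the one-observation adversary are assumptions made for illustration; the per-class policy is a simplified quantile-based stand-in for the idea behind PCE, and CGR is not modelled.

```python
import random
from collections import Counter, defaultdict

# Constructed toy data: (alpha, beta) of the Beta distribution that models
# the early-exit confidence for each predicted class. Not from the paper.
CLASS_CONFIDENCE = {0: (8, 2), 1: (5, 5), 2: (2, 8)}


def sample_predictions(n, seed=0):
    """Return n constructed (predicted_class, confidence) pairs."""
    rng = random.Random(seed)
    classes = list(CLASS_CONFIDENCE)
    samples = []
    for _ in range(n):
        c = rng.choice(classes)
        a, b = CLASS_CONFIDENCE[c]
        samples.append((c, rng.betavariate(a, b)))
    return samples


def single_threshold_policy(threshold):
    """Exit early whenever confidence clears one global threshold."""
    return lambda pred, conf: conf >= threshold


def per_class_policy(samples, target_rate):
    """One threshold per class, chosen as the confidence quantile that
    makes every class exit early at roughly target_rate."""
    by_class = defaultdict(list)
    for c, conf in samples:
        by_class[c].append(conf)
    thresholds = {}
    for c, confs in by_class.items():
        confs.sort(reverse=True)
        k = max(1, round(target_rate * len(confs)))
        thresholds[c] = confs[k - 1]
    return lambda pred, conf: conf >= thresholds[pred]


def exit_rates(samples, policy):
    """Fraction of inputs that exit early, per predicted class."""
    total, exits = Counter(), Counter()
    for c, conf in samples:
        total[c] += 1
        exits[c] += policy(c, conf)
    return {c: exits[c] / total[c] for c in total}


def adversary_accuracy(samples, policy):
    """In-sample accuracy of an observer who sees only the exit bit
    (e.g. whether a message followed) and guesses the most likely class."""
    table = defaultdict(Counter)
    for c, conf in samples:
        table[policy(c, conf)][c] += 1
    correct = sum(max(counts.values()) for counts in table.values())
    return correct / len(samples)


if __name__ == "__main__":
    data = sample_predictions(6000)
    policies = [
        ("single threshold", single_threshold_policy(0.5)),
        ("per-class thresholds", per_class_policy(data, 0.5)),
    ]
    for name, policy in policies:
        rates = {c: round(r, 3) for c, r in sorted(exit_rates(data, policy).items())}
        print(name, rates, round(adversary_accuracy(data, policy), 3))
```

Random guessing over three equally likely classes is correct about one time in three, which is the baseline to compare the adversary's accuracy against.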