Deep Learning Security for IoT

Han Wu, University of Exeter, the U.K.

Research Website

Background

Is Deep Learning secure for IoT?

Deep Learning on IoT Edge Devices

Autonomous Driving: The IoT in Automotive

Adversarial attacks against image classification ^[1]

Adversarial attacks against object detection

[1] J. Z. Kolter and A. Madry, Adversarial Robustness - Theory and Practice, NeurIPS 2018 tutorial.

Deep Learning Models are vulnerable to Adversarial Attacks.

1. High-End: Linux

2. High-End: RT-Thread Smart

3. Middle-End: RT-Thread

IoT Devices consist of High-End, Middle-End, and Low-End Devices.

Now we know that deep learning models are vulnerable to adversarial attacks. What does this mean for IoT? Can we attack deep learning models deployed on edge devices? Well, IoT devices consist of High-End, Middle-End, and Low-End Devices.

High-End Devices such as raspberry pi, can run Linux, and we can deply deep learning models on them. We can also run the smart version of RT-Thread on High-End devices. While for middle-end devices, such as 32-bit microcontrollers, we use the standard version of RT-Thread.

We will not talk about Low-End devices today, such as Arduino, 8-bit microcontrollers, because they do not have enough memory to run an operating system, and I already introduced how to program low-end 8-bit microcontrollers in my previous talk, right?

So, we focus on high-end and middle-end devices today. I will introduce how we attack deep learning models deployed on both high-end and middle-end devices in real time. (3min)

Adversarial Detection

Attacking Object Detection in Real Time.

Man-in-the-Middle Attack

A hardware attack against Object Detection.

Step 1: Generating the perturbation

Prior Research Our Method

No learning rate decay With learning rate decay

Our method generates more bounding boxes, and have less variation.

Step 2: Applying the perturbation

From Linux to RT-Thread Smart

From Monolithic to Microkernel RTOS

From RT-Smart to RT-Thread

From High-End Devices to Middle-End Devices.

Adversarial Classification

Attacking Image Classification Cloud Services.

Demo: DeepAPI via RT-Thread

Access Image Classification Cloud Service on MCU.

Deep Learning Models are vulnerable to Adversarial Attacks.

High-End: Linux

High-End: RT-Smart

Middle-End: RT-Thread

IoT Devices consist of High-End, Middle-End, and Low-End Devices.

Thanks

RT-Thread Community

https://iot.wuhanstudio.uk

Research Website