Online data poisoning attack against edge AI paradigm for IoT-enabled smart city

Yanxu Zhu; Hong Wen; Jinsong Wu; Runhui Zhao; Yanxu Zhu; Hong Wen; Jinsong Wu; Runhui Zhao

doi:10.3934/mbe.2023788

Mathematical Biosciences and Engineering

2023, Volume 20, Issue 10: 17726-17746. doi: 10.3934/mbe.2023788

Previous Article Next Article

Research article Special Issues

Online data poisoning attack against edge AI paradigm for IoT-enabled smart city

1.
School of Aeronautics and Astronautics, University of Electronic Science and Technology of China, Chengdu 611731, China
2.
School of Artificial Intelligence, Guilin University of Electronic Technology, Guilin 510004, China
3.
Aircraft Swarm Intelligent Sensing and Cooperative Control Key Laboratory of Sichuan Province, Chengdu 611731, China
4.
Intelligent IoT Communication Technology Engineering Research Center, Chengdu 611731, China
5.
Department of Electrical Engineering, University of Chile, Santiago 8370451, Chile

Received: 28 June 2023 Revised: 05 August 2023 Accepted: 13 August 2023 Published: 15 September 2023

The deep integration of edge computing and Artificial Intelligence (AI) in IoT (Internet of Things)-enabled smart cities has given rise to new edge AI paradigms that are more vulnerable to attacks such as data and model poisoning and evasion of attacks. This work proposes an online poisoning attack framework based on the edge AI environment of IoT-enabled smart cities, which takes into account the limited storage space and proposes a rehearsal-based buffer mechanism to manipulate the model by incrementally polluting the sample data stream that arrives at the appropriately sized cache. A maximum-gradient-based sample selection strategy is presented, which converts the operation of traversing historical sample gradients into an online iterative computation method to overcome the problem of periodic overwriting of the sample data cache after training. Additionally, a maximum-loss-based sample pollution strategy is proposed to solve the problem of each poisoning sample being updated only once in basic online attacks, transforming the bi-level optimization problem from offline mode to online mode. Finally, the proposed online gray-box poisoning attack algorithms are implemented and evaluated on edge devices of IoT-enabled smart cities using an online data stream simulated with offline open-grid datasets. The results show that the proposed method outperforms the existing baseline methods in both attack effectiveness and overhead.

Keywords:

Citation: Yanxu Zhu, Hong Wen, Jinsong Wu, Runhui Zhao. Online data poisoning attack against edge AI paradigm for IoT-enabled smart city[J]. Mathematical Biosciences and Engineering, 2023, 20(10): 17726-17746. doi: 10.3934/mbe.2023788

Related Papers:

[1]	Mapundi K. Banda, Michael Herty, Axel Klar . Gas flow in pipeline networks. Networks and Heterogeneous Media, 2006, 1(1): 41-56. doi: 10.3934/nhm.2006.1.41
[2]	Michael Herty . Modeling, simulation and optimization of gas networks with compressors. Networks and Heterogeneous Media, 2007, 2(1): 81-97. doi: 10.3934/nhm.2007.2.81
[3]	Michael Herty, Veronika Sachers . Adjoint calculus for optimization of gas networks. Networks and Heterogeneous Media, 2007, 2(4): 733-750. doi: 10.3934/nhm.2007.2.733
[4]	Martin Gugat, Falk M. Hante, Markus Hirsch-Dick, Günter Leugering . Stationary states in gas networks. Networks and Heterogeneous Media, 2015, 10(2): 295-320. doi: 10.3934/nhm.2015.10.295
[5]	Mapundi K. Banda, Michael Herty, Axel Klar . Coupling conditions for gas networks governed by the isothermal Euler equations. Networks and Heterogeneous Media, 2006, 1(2): 295-314. doi: 10.3934/nhm.2006.1.295
[6]	Claus Kirchner, Michael Herty, Simone Göttlich, Axel Klar . Optimal control for continuous supply network models. Networks and Heterogeneous Media, 2006, 1(4): 675-688. doi: 10.3934/nhm.2006.1.675
[7]	Fabian Rüffler, Volker Mehrmann, Falk M. Hante . Optimal model switching for gas flow in pipe networks. Networks and Heterogeneous Media, 2018, 13(4): 641-661. doi: 10.3934/nhm.2018029
[8]	Didier Georges . Infinite-dimensional nonlinear predictive control design for open-channel hydraulic systems. Networks and Heterogeneous Media, 2009, 4(2): 267-285. doi: 10.3934/nhm.2009.4.267
[9]	Simone Göttlich, Oliver Kolb, Sebastian Kühn . Optimization for a special class of traffic flow models: Combinatorial and continuous approaches. Networks and Heterogeneous Media, 2014, 9(2): 315-334. doi: 10.3934/nhm.2014.9.315
[10]	Gunhild A. Reigstad . Numerical network models and entropy principles for isothermal junction flow. Networks and Heterogeneous Media, 2014, 9(1): 65-95. doi: 10.3934/nhm.2014.9.65

Abstract

References

[1]	Edge AI and Vision Alliance, 2023 Edge AI Technology Report, 2023. Available from: https://www.edge-ai-vision.com/2023/07/2023-edge-ai-technology-report/.
[2]	Y. LeCun, Y. Bengio, G. Hinton, Deep learning, Nature, 521 (2015), 436–444. https://doi.org/10.1038/nature14539 doi: 10.1038/nature14539
[3]	Z. Zhou, X. Chen, E. Li, L. Zeng, K. Luo, J. Zhang, Edge intelligence: Paving the last mile of artificial intelligence with edge computing, in Proceedings of IEEE, 107 (2019), 1738–1762. https://doi.org/10.1109/JPROC.2019.2918951
[4]	Z. Zhou, Y. Shuai, X. Chen, Edge intelligence: a new nexus of edge computing and artificial intelligence, Big Data Res., 5 (2019), 53–63. https://doi.org/10.11959/j.issn.2096-0271.2019013 doi: 10.11959/j.issn.2096-0271.2019013
[5]	X. Wang, Y. Han, V. C. M. Leung, D. Niyato, X. Yan, X. Chen, Convergence of edge computing and deep learning: A comprehensive survey, IEEE Commun. Surv. Tutorials, 22 (2020), 869–904. https://doi.org/10.1109/COMST.2020.2970550 doi: 10.1109/COMST.2020.2970550
[6]	S. Deng, H. Zhao, W. Fang, J. Yin, S. Dustdar, A.Y. Zomaya, Edge intelligence: The confluence of edge computing and artificial intelligence, IEEE Internet Things J., 7 (2020), 7457–7469. https://doi.org/10.1109/JIOT.2020.2984887 doi: 10.1109/JIOT.2020.2984887
[7]	Y. Li, Y. Yu, W. Susilo, Z. Hong, M. Guizani, Security and privacy for edge intelligence in 5G and beyond networks: Challenges and solutions, IEEE Wireless Commun., 28 (2021), 63–69. https://doi.org/10.1109/MWC.001.2000318 doi: 10.1109/MWC.001.2000318
[8]	M. S. Ansari, S. H. Alsamhi, Y. Qiao, Y. Ye, B. Lee, Security of distributed intelligence in edge computing: Threats and countermeasures, in The Cloud-to-Thing Continuum, Springer, (2020), 95–122.
[9]	B. Biggio, B. Nelson, P. Laskov, Poisoning attacks against support vector machines, preprint, arXiv: 1206.6389.
[10]	S. Mei, X. Zhu, Using machine teaching to identify optimal training-set attacks on machine learners, in Proceedings of the AAAI Conference on Artificial Intelligence, 29 (2015), 2871–2877. https://doi.org/10.1609/aaai.v29i1.9569
[11]	N. Müller, D. Kowatsch, K. Böttinger, Data poisoning attacks on regression learning and corresponding defenses, in 2020 IEEE 25th Pacific Rim International Symposium on Dependable Computing (PRDC), (2020), 80–89. https://doi.org/10.1109/PRDC50213.2020.00019
[12]	M. Jagielski, A. Oprea, B. Biggio, C. Liu, C. Nita-Rotaru, B. Li, Manipulating machine learning: Poisoning attacks and countermeasures for regression learning, in 2018 IEEE Symposium on Security and Privacy (SP), (2018), 19–35. https://doi.org/10.1109/SP.2018.00057
[13]	T. Cerquitelli, M. Meo, M. Curado, L. Skorin-Kapov, E. E. Tsiropoulou, Machine learning empowered computer networks, Comput. Networks, 230 (2023), 109807. https://doi.org/10.1016/j.comnet.2023.109807 doi: 10.1016/j.comnet.2023.109807
[14]	P. W. Koh, J. Steinhart, P. Liang, Stronger data poisoning attacks break data sanitization defenses, Mach. Learn., 111 (2022), 1–47. https://doi.org/10.1007/s10994-021-06119-y doi: 10.1007/s10994-021-06119-y
[15]	C. Burkard, B. Lagesse, Analysis of causative attacks against SVMs learning from data streams, in Proceedings of the 3rd ACM on International Workshop on Security and Privacy Analytics, (2017), 31–36. https://doi.org/10.1145/3041008.3041012
[16]	X. Zhang, X. Zhu, L. Lessard, Online data poisoning attack, preprint, arXiv: 1903.01666.
[17]	P. G. Margiotta, S. Goldt, G. Sanguinetti, Attacks on online learners: A teacher-student analysis, preprint, arXiv: 2305.11132.
[18]	Z. Hammoudeh, D. Lowd, Training data influence analysis and estimation: A survey, preprint, arXiv: 2212.04612.
[19]	M. Wojnowicz, B. Cruz, X. Zhao, B. Wallace, M. Wolff, J. Luan, et al., "Influence sketching": Finding influential samples in large-scale regressions, in 2016 IEEE International Conference on Big Data (Big Data), (2016), 3601–3612. https://doi.org/10.1109/BigData.2016.7841024
[20]	P. W. Koh, P. Liang, Understanding black-box predictions via influence functions, preprint, arXiv: 1703.04730.
[21]	Y. Wang, K. Chaudhuri, Data poisoning attacks against online learning, preprint, arXiv: 1808.08994.
[22]	M. A. Ramirez, S. Kim, H. A. Hamadi, E. Damiani, Y. J. Byon, T. Y. Kim, et al., Poisoning Attacks and Defenses on Artificial Intelligence: A Survey, preprint, arXiv: 2202.10276.
[23]	L. Bottou, Large-scale machine learning with stochastic gradient descent, in Proceedings of COMPSTAT'2010, (2010), 177–186. https://doi.org/10.1007/978-3-7908-2604-3_16
[24]	Y. Zhu, H. Wen, R. Zhao, Y. Jiang, Q. Liu, P. Zhang, Research on data poisoning attack against smart grid cyber-physical system based on edge computing, Sensors, 23 (2023), 4509. https://doi.org/10.3390/s23094509 doi: 10.3390/s23094509

This article has been cited by:

1.	Dustin Carrión-Ojeda, Rigoberto Fonseca-Delgado, Israel Pineda, Analysis of factors that influence the performance of biometric systems based on EEG signals, 2021, 165, 09574174, 113967, 10.1016/j.eswa.2020.113967
2.	Leila Farsi, Siuly Siuly, Enamul Kabir, Hua Wang, Classification of Alcoholic EEG Signals Using a Deep Learning Method, 2021, 21, 1530-437X, 3552, 10.1109/JSEN.2020.3026830
3.	Sumair Aziz, Muhammad Umar Khan, Zainoor Ahmad Choudhry, Afeefa Aymin, Adil Usman, 2019, ECG-based Biometric Authentication using Empirical Mode Decomposition and Support Vector Machines, 978-1-7281-2530-5, 0906, 10.1109/IEMCON.2019.8936174
4.	Muhammad Umar Khan, Sumair Aziz, Sara Ibraheem, Aqsa Butt, Hira Shahid, 2019, Characterization of Term and Preterm Deliveries using Electrohysterograms Signatures, 978-1-7281-2530-5, 0899, 10.1109/IEMCON.2019.8936292
5.	Dustin Carrion-Ojeda, Hector Mejia-Vallejo, Rigoberto Fonseca-Delgado, Pilar Gomez-Gil, Manuel Ramirez-Cortes, 2019, A method for studying how much time of EEG recording is needed to have a good user identification, 978-1-7281-5666-8, 1, 10.1109/LA-CCI47412.2019.9037054
6.	Andrei V. Kelarev, Xun Yi, Hui Cui, Leanne Rylands, Herbert F. Jelinek, A survey of state-of-the-art methods for securing medical databases, 2018, 5, 2375-1576, 1, 10.3934/medsci.2018.1.1
7.	Lu-di Wang, Wei Zhou, Ying Xing, Na Liu, Mahmood Movahedipour, Xiao-guang Zhou, A novel method based on convolutional neural networks for deriving standard 12-lead ECG from serial 3-lead ECG, 2019, 20, 2095-9184, 405, 10.1631/FITEE.1700413
8.	Qingxue Zhang, Dian Zhou, Xuan Zeng, 2017, Hear the heart: Daily cardiac health monitoring using Ear-ECG and machine learning, 978-1-5386-1104-3, 448, 10.1109/UEMCON.2017.8249110
9.	Yaroslav Voznyi, Mariia Nazarkevych, Volodymyr Hrytsyk, Nataliia Lotoshynska, Bohdana Havrysh, DESIGN OF BIOMETRIC PROTECTION AUTHENTIFICATION SYSTEM BASED ON K-AVERAGE METHOD, 2021, 4, 2663-4023, 85, 10.28925/2663-4023.2021.12.8595
10.	Mariya Nazarkevych, Yaroslav Voznyi, Volodymyr Hrytsyk, Ivanna Klyujnyk, Bohdana Havrysh, Nataliia Lotoshynska, 2021, Identification of Biometric Images by Machine Learning, 978-1-6654-4296-1, 95, 10.1109/ELIT53502.2021.9501064
11.	Ömer Kasim, Mustafa Tosun, Biometric Authentication from Photic Stimulated EEG Records, 2021, 35, 0883-9514, 1407, 10.1080/08839514.2021.1981660
12.	Fatma Mallouli, Nesrine Khelifi, Aya Hellal, Imen Ferjani, Nada Chaabane, Mejda Dakhlaoui, Houda Chamakhi, 2023, Biometric Authentification Comparison: Toward Secure Human Recognition, 979-8-3503-6151-3, 1264, 10.1109/CSCI62032.2023.00206
13.	Ilija Tanasković, Ljiljana B. Lazarević, Goran Knežević, Nikola Milosavljević, Olga Dubljević, Bojana Bjegojević, Nadica Miljković, CardioPRINT: Biometric identification based on the individual characteristics derived from the cardiogram, 2025, 265, 09574174, 126018, 10.1016/j.eswa.2024.126018
14.	Vinodhini Chinnayan Meiyalagan, Sabeenian Royappan Savarimuthu, 2025, 3279, 0094-243X, 020170, 10.1063/5.0263047

Reader Comments

Your name:*

Email:*
© 2023 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)