RobustEdge: Low Power Adversarial Detection for Cloud-Edge Systems

In practical cloud-edge scenarios, where a resource constrained edge performs data acquisition and a cloud system (having sufficient resources) performs inference tasks with a deep neural network (DNN), adversarial robustness is critical for reliability and ubiquitous deployment. Adversarial detection is a prime adversarial defense technique used in prior literature. However, in prior detection works, the detector is attached to the classifier model and both detector and classifier work in tandem to perform adversarial detection that requires a high computational overhead which is not available at the lowpower edge. Therefore, prior works can only perform adversarial detection at the cloud and not at the edge. This means that in case of adversarial attacks, the unfavourable adversarial samples must be communicated to the cloud which leads to energy wastage at the edge device. Therefore, a low-power edge-friendly adversarial detection method is required to improve the energy efficiency of the edge and robustness of the cloud-based classifier. To this end, RobustEdge proposes Quantization-enabled Energy Separation (QES) training with “early detection and exit” to perform edge-based low cost adversarial detection. The QEStrained detector implemented at the edge blocks adversarial data transmission to the classifier model, thereby improving adversarial robustness and energy-efficiency of the Cloud-Edge system. Through extensive experiments on CIFAR10, CIFAR100 and TinyImagenet, we find that 16-bit and 12-bit quantized detectors achieve a high AUC score $>$ 0.9 while improving the energy-efficiency of the cloud-edge system by $>166\times$ compared to prior cloud-based adversarial detection approaches.