Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
98 tokens/sec
GPT-4o
11 tokens/sec
Gemini 2.5 Pro Pro
52 tokens/sec
o3 Pro
5 tokens/sec
GPT-4.1 Pro
15 tokens/sec
DeepSeek R1 via Azure Pro
33 tokens/sec
Gemini 2.5 Flash Deprecated
12 tokens/sec
2000 character limit reached

The Impact of Uniform Inputs on Activation Sparsity and Energy-Latency Attacks in Computer Vision (2403.18587v1)

Published 27 Mar 2024 in cs.CR, cs.CV, and cs.LG

Abstract: Resource efficiency plays an important role for machine learning nowadays. The energy and decision latency are two critical aspects to ensure a sustainable and practical application. Unfortunately, the energy consumption and decision latency are not robust against adversaries. Researchers have recently demonstrated that attackers can compute and submit so-called sponge examples at inference time to increase the energy consumption and decision latency of neural networks. In computer vision, the proposed strategy crafts inputs with less activation sparsity which could otherwise be used to accelerate the computation. In this paper, we analyze the mechanism how these energy-latency attacks reduce activation sparsity. In particular, we find that input uniformity is a key enabler. A uniform image, that is, an image with mostly flat, uniformly colored surfaces, triggers more activations due to a specific interplay of convolution, batch normalization, and ReLU activation. Based on these insights, we propose two new simple, yet effective strategies for crafting sponge examples: sampling images from a probability distribution and identifying dense, yet inconspicuous inputs in natural datasets. We empirically examine our findings in a comprehensive evaluation with multiple image classification models and show that our attack achieves the same sparsity effect as prior sponge-example methods, but at a fraction of computation effort. We also show that our sponge examples transfer between different neural networks. Finally, we discuss applications of our findings for the good by improving efficiency by increasing sparsity.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (37)
  1. Bad characters: Imperceptible nlp attacks. In Proc. of IEEE Symposium on Security and Privacy (S&P), 2022.
  2. Language models are few-shot learners. In Advances in Neural Information Proccessing Systems (NeurIPS), 2020.
  3. Stateful detection of black-box adversarial attacks. In Proc. of the ACM Workshop on Security and Privacy on Artificial Intelligence (SPAI), 2020.
  4. Nmtsloth: understanding and testing efficiency degradation of neural machine translation systems. In Proc. of the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), 2022a.
  5. NICGSlowDown: Evaluating the efficiency robustness of neural image caption generation models. In Proc. of IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2022b.
  6. The dark side of dynamic routing neural networks: Towards efficiency backdoor injection. In Proc. of IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2023.
  7. Energy-latency attacks via sponge poisoning. arXiv:2203.08147, 2023.
  8. G. Georgiadis. Accelerating convolutional neural networks via activation map compression. In Proc. of IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
  9. Learning both weights and connections for efficient neural networks. In Advances in Neural Information Proccessing Systems (NIPS), 2015.
  10. Eie: Efficient inference engine on compressed deep neural network. In Proc. of the International Symposium on Computer Architecture (ISCA), 2016.
  11. Dynamic neural networks: A survey. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2022.
  12. M. Haque and W. Yang. Dynamic neural network is all you need: Understanding the robustness of dynamic mechanisms in neural networks. In Proc. of the IEEE/CVF International Conference on Computer Vision Workshops (ICCVW), 2023.
  13. Ilfo: Adversarial attack on adaptive neural networks. In Proc. of IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2020.
  14. Antinode: Evaluating efficiency robustness of neural ODEs. In Proc. of the IEEE/CVF International Conference on Computer Vision Workshops (ICCVW), 2023.
  15. Deep residual learning for image recognition. In Proc. of IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2016.
  16. A panda? no, it’s a sloth: Slowdown attacks on adaptive multi-exit neural network inference. In International Conference on Learning Representations (ICLR), 2021.
  17. Densely connected convolutional networks. In Proc. of IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2017.
  18. S. Ioffe and C. Szegedy. Batch normalization: Accelerating deep network training by reducing internal covariate shift. In Proc. of the Internation Conference on Machine Learning (PMLR), 2015.
  19. Gist: Efficient data encoding for deep neural network training. In Proc. of the International Symposium on Computer Architecture (ISCA), 2018.
  20. Sparsity-aware and re-configurable npu architecture for samsung flagship mobile soc. In Proc. of the International Symposium on Computer Architecture (ISCA), 2021.
  21. Snicit: Accelerating sparse neural network inference via compression at inference time on gpu. In Proc. of the International Conference on Parallel Processing (ICPP), 2023.
  22. M. G. Kendall. A New Measure of Rank Correlation. Biometrika, 1938.
  23. Inducing and exploiting activation sparsity for fast inference on deep neural networks. In Proc. of Int. Conference on Machine Learning (ICML), 2020.
  24. Tensordash: Exploiting sparsity to accelerate deep neural network training. In Proc. of the IEEE/ACM International Symposium on Microarchitecture (MICRO), 2020.
  25. Denial-of-service attacks on battery-powered mobile computers. In Proc. of the IEEE International Conference on Pervasive Computing and Communications (PerCom), 2004.
  26. Accelerating sparse deep neural networks. arXiv:2104.08378, 2021.
  27. Characterizing sources of ineffectual computations in deep learning networks. In IEEE International Symposium on Workload Characterization (IISWC), 2018.
  28. Exploiting activation sparsity for fast cnn inference on mobile gpus. ACM Transactions on Embedded Computing Systems (TECS), 2021.
  29. Scnn: An accelerator for compressed-sparse convolutional neural networks. In Proc. of the International Symposium on Computer Architecture (ISCA), 2017.
  30. Carbon emissions and large neural network training. arXiv:2104.10350, 2021.
  31. Compressing dma engine: Leveraging activation sparsity for training deep neural networks. In IEEE International Symposium on High Performance Computer Architecture (HPCA), 2018.
  32. ImageNet Large Scale Visual Recognition Challenge. International Journal of Computer Vision (IJCV), 2015.
  33. Mobilenetv2: Inverted residuals and linear bottlenecks. In Proc. of IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018.
  34. Phantom sponges: Exploiting non-maximum suppression to attack deep object detectors. In IEEE/CVF Winter Conference on Applications of Computer Vision (WACV), 2023.
  35. Bit fusion: Bit-level dynamically composable architecture for accelerating deep neural network. In Proc. of the International Symposium on Computer Architecture (ISCA), 2018.
  36. Sponge examples: Energy-latency attacks on neural networks. In Proc. of IEEE European Symposium on Security and Privacy (EuroS&P), 2021.
  37. Attention is all you need. In Advances in Neural Information Proccessing Systems (NIPS), 2017.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets