Distributed deep neural networks (DNNs) have been shown to reduce the computational burden of mobile devices and decrease the end-to-end inference latency in edge computing scenarios. While distributed DNNs have been studied, to the best of our knowledge the resilience of distributed DNNs to adversarial action remains an open problem. In this paper, we fill the existing research gap by rigorously analyzing the robustness of distributed DNNs against adversarial action. We cast this problem in the context of information theory and introduce two new measurements for distortion and robustness. Our theoretical findings indicate that (i) assuming the same level of information distortion, latent features are always more robust than input representations; (ii) the adversarial robustness is jointly determined by the feature dimension and the generalization capability of the DNN. To test our theoretical findings, we perform extensive experimental analysis by considering 6 different DNN architectures, 6 different approaches for distributed DNN and 10 different adversarial attacks on the ImageNet-1K dataset. Our experimental results support our theoretical findings by showing that the compressed latent representations can reduce the success rate of adversarial attacks by 88% in the best case and by 57% on average compared to attacks on the input space.