In recent years, on-device deep learning has gained attention as a means of developing affordable deep learning applications for mobile devices. However, on-device models are constrained by limited energy and computation resources. Meanwhile, a poisoning attack known as sponge poisoning has been developed. This attack involves feeding the model with poisoned examples to increase the energy consumption during inference. Because previous work focuses on server hardware accelerators, in this work we extend the sponge poisoning attack to an on-device scenario to evaluate the vulnerability of mobile device processors. We present an on-device sponge poisoning attack pipeline that simulates the streaming and consistent inference scenario, to bridge the knowledge gap in the on-device setting. Our exclusive experimental analysis with processors and on-device networks shows that sponge poisoning attacks can effectively pollute the modern processor with its built-in accelerator. We analyze the impact of different factors in the sponge poisoning algorithm and highlight the need for improved defense mechanisms to prevent such attacks on on-device deep learning applications.