Sponge attacks aim to increase the energy consumption and computation time of neural networks. In this work, we present a novel sponge attack called SkipSponge. SkipSponge is the first sponge attack that is performed directly on the parameters of a pre-trained model using only a few data samples. Our experiments show that SkipSponge can successfully increase the energy consumption of image classification models, GANs, and autoencoders while requiring fewer samples than the state of the art (Sponge Poisoning). We show that poisoning defenses are ineffective unless they are adjusted specifically to defend against SkipSponge (i.e., so that they decrease target layer bias values). Our work shows that SkipSponge is more effective on GANs and autoencoders than Sponge Poisoning. Additionally, SkipSponge is stealthier than Sponge Poisoning, as it does not require significant changes to the victim model's weights. Our experiments indicate that SkipSponge can be performed even when an attacker has access to only 1% of the entire dataset, and that it reaches up to a 13% energy increase.