In recent years, on-device deep learning has gained attention as a means of developing affordable deep learning applications for mobile devices. However, on-device models are constrained by limited energy and computation resources. In the meantime, a poisoning attack known as sponge poisoning has been developed. This attack involves feeding the model with poisoned examples to increase the energy consumption during inference. As previous work has focused on server hardware accelerators, in this work we extend the sponge poisoning attack to an on-device scenario to evaluate the vulnerability of mobile device processors. We present an on-device sponge poisoning attack pipeline that simulates the streaming and consistent inference scenario to bridge the knowledge gap in the on-device setting. Our exclusive experimental analysis with processors and on-device networks shows that sponge poisoning attacks can effectively pollute the modern processor with its built-in accelerator. We analyze the impact of different factors in the sponge poisoning algorithm and highlight the need for improved defense mechanisms to prevent such attacks on on-device deep learning applications.