Nowadays, the deployment of deep learning based applications on edge devices is an essential task owing to the increasing demands on intelligent services. However, the limited computing resources on edge nodes make the models vulnerable to attacks, such that the predictions made by models are unreliable. In this paper, we investigate latency attacks on deep learning applications. Unlike common adversarial attacks for misclassification, the goal of latency attacks is to increase the inference time, which may stop applications from responding to the requests within a reasonable time. This kind of attack is ubiquitous for various applications, and we use object detection to demonstrate how such kind of attacks work. We also design a framework named Overload to generate latency attacks at scale. Our method is based on a newly formulated optimization problem and a novel technique, called spatial attention, to increase the inference time of object detection. We have conducted experiments using YOLOv5 models on Nvidia NX. The experimental results show that with latency attacks, the inference time of a single image can be increased ten times longer in reference to the normal setting. Moreover, comparing to existing methods, our attacking method is simpler and more effective.

翻译：如今，由于对智能服务的需求日益增长，在边缘设备上部署基于深度学习的应用已成为一项关键任务。然而，边缘节点上有限的计算资源使模型容易受到攻击，导致模型做出的预测不可靠。本文研究了针对深度学习应用的延迟攻击。与常见的旨在导致错误分类的对抗性攻击不同，延迟攻击的目标是增加推理时间，这可能导致应用无法在合理时间内响应请求。此类攻击在各种应用中普遍存在，我们以目标检测为例来演示其工作原理。我们还设计了一个名为Overload的框架，用于大规模生成延迟攻击。该方法基于新构建的优化问题以及一种名为空间注意力的新技术，以增加目标检测的推理时间。我们使用Nvidia NX平台上的YOLOv5模型进行了实验。实验结果表明，在延迟攻击下，单张图像的推理时间相比正常设置可增加十倍。此外，与现有方法相比，我们的攻击方法更简单且更有效。