EdgeThemis: Ensuring Model Integrity for Edge Intelligence

Published: 29 Jan 2025, Last Modified: 29 Jan 2025
Venue: WWW 2025 Poster
License: CC BY 4.0
Track: Security and privacy
Keywords: Model integrity, edge intelligence, edge computing
Abstract: Machine learning (ML) models are widely deployed on edge nodes, such as mobile phones and edge servers, to power a wide range of AI applications over the web. Ensuring the integrity of these edge models is paramount, as they are subject to corruption caused by software/hardware exceptions and malicious tampering, which may undermine model performance, incur economic losses, and pose health risks. Existing data integrity mechanisms designed for files stored on disks cannot properly verify the integrity of models running in GPUs or mitigate the new integrity threats against edge models. This paper proposes EdgeThemis, a novel mechanism for verifying the integrity of edge models through sentinel verification. To enable verifiability for a model $M$, EdgeThemis embeds a sentinel backdoor and a verification module into $M$. Then, a challenger can send verification requests to the edge node hosting $M$ to verify its integrity. Next, the sentinel activates the verification module to generate a unique integrity proof tied to the identity of the edge node for verification. Finally, the challenger can verify the integrity proof to detect model corruption. Theoretical analysis proves that EdgeThemis can properly mitigate potential integrity threats against edge models. Experiments demonstrate that EdgeThemis achieves a verification accuracy of 100.00% across various models and different types of model corruption with robustness against replay attacks, theft attacks, and replacement attacks.
Submission Number: 1833