On the Neural Backdoor of Federated Generative Models in Edge Computing

Abstract

Edge computing, as a relatively recent evolution of cloud computing architecture, is the newest way for enterprises to distribute computational power and lower repetitive referrals to central authorities. In the edge computing environment, Generative Models (GMs) have been found to be valuable and useful in machine learning tasks such as data augmentation and data pre-processing. Federated learning and distributed learning refer to training machine learning models in the edge computing network. However, federated learning and distributed learning also bring additional risks to GMs since all peers in the network have access to the model under training. In this article, we study the vulnerabilities of federated GMs to data-poisoning-based backdoor attacks via gradient uploading. We additionally enhance the attack to reduce the required poisonous data samples and cope with dynamic network environments. Last but not least, the attacks are formally proven to be stealthy and effective toward federated GMs. According to the experiments, neural backdoors can be successfully embedded by including merely 5% poisonous samples in the local training dataset of an attacker.

Similar Papers
  • Conference Article
  • Cite Count: 2
  • 10.1109/socc56010.2022.9908113
Inconspicuous Data Augmentation Based Backdoor Attack on Deep Neural Networks
  • Sep 5, 2022
  • Chaohui Xu + 4 more

With new applications made possible by the fusion of edge computing and artificial intelligence (AI) technologies, the global market capitalization of edge AI has risen tremendously in recent years. Deployment of pre-trained deep neural network (DNN) models on edge computing platforms, however, does not alleviate the fundamental trust assurance issue arising from the lack of interpretability of end-to-end DNN solutions. The most notorious threat of DNNs is the backdoor attack. Most backdoor attacks require a relatively large injection rate (≈ 10%) to achieve a high attack success rate. The trigger patterns are not always stealthy and can be easily detected or removed by backdoor detectors. Moreover, these attacks are only tested on DNN models implemented on general-purpose computing platforms. This paper proposes to use data augmentation for backdoor attacks to increase the stealth, attack success rate, and robustness. Different data augmentation techniques are applied independently on three color channels to embed a composite trigger. The data augmentation strength is tuned based on the Gradient Magnitude Similarity Deviation, which is used to objectively assess the visual imperceptibility of the poisoned samples. A rich set of composite triggers can be created for different dirty labels. The proposed attacks are evaluated on pre-activation ResNet18 trained with CIFAR-10 and GTSRB datasets, and EfficientNet-B0 trained with adapted 10-class ImageNet dataset. A high attack success rate of above 97% with only 1% injection rate is achieved on these DNN models implemented on both general-purpose computing platforms and Intel Neural Compute Stick 2 edge AI device. The accuracy loss of the poisoned DNNs on benign inputs is kept below 0.6%. The proposed attack is also tested to be resilient to state-of-the-art backdoor defense methods.

  • Research Article
  • Cite Count: 24
  • 10.1109/mnet.011.2000265
Stability-Based Analysis and Defense against Backdoor Attacks on Edge Computing Services
  • Jan 1, 2021
  • IEEE Network
  • Yi Zhao + 4 more

With the explosive development of mobile Internet and deep learning (DL), intelligent edge computing services based on collaborative learning are widely deployed in various application scenarios. These intelligent services include intelligent applications based on edge computing and DL-based optimization for edge computing (e.g., caching and communicating). However, in a wide variety of domains, DL has been found to be vulnerable to adversarial attacks, especially architecture-independent backdoor attacks. It embeds the attack pattern into the learned model and only performs the attack when it encounters the corresponding trigger. In this article, for the first time we analyze the impact of backdoor attacks on intelligent edge computing services. The simulation results demonstrate that once one or more edge nodes implement backdoor attacks, the embedded attack pattern will rapidly expand to all relevant edge nodes, which poses huge challenges to security-sensitive intelligent edge computing services. Subsequently, we analyze the trade-off between expected performance and ability to defend against backdoor attacks, which sheds new light on designing defense mechanisms for intelligent edge computing services. To address the challenges posed by backdoor attacks, we propose a stability-based defense mechanism. The experimental results demonstrate that the newly proposed defense mechanism can effectively defend against different levels of backdoor attacks without knowing whether there are adversaries, which is conducive to the deployment of the stability-based defense mechanism in real-world scenarios.

  • Book Chapter
  • Cite Count: 6
  • 10.5772/intechopen.1009613
Recent Advances in Artificial Intelligence and Machine Learning Based Biosensing Technologies
  • Mar 19, 2025
  • Kelvin Tafadzwa Mpofu + 1 more

Advancements in artificial intelligence (AI) and machine learning (ML) have transformed biosensing technologies, enhancing data acquisition, analysis, and interpretation in biomedical diagnostics. This chapter explores AI integration into biosensing, focusing on natural language processing (NLP), large language models (LLMs), data augmentation, and various learning paradigms. These technologies improve biosensor sensitivity, precision, and real-time adaptability. NLP automates biomedical text extraction, while LLMs facilitate complex decision-making using vast datasets. Data augmentation mitigates dataset limitations, strengthening ML model training and reducing overfitting. Supervised learning drives predictive models for disease detection, whereas unsupervised learning uncovers hidden biomarker patterns. Reinforcement learning optimizes sensor operations, calibration, and autonomous control in dynamic environments. The chapter discusses case studies, emerging trends, and challenges in AI-driven biosensing. AI’s convergence with edge computing and Internet of Things (IoT)-enabled biosensors enhances real-time data processing, reducing latency and expanding accessibility in resource-limited settings. Ethical concerns, including data privacy, model interpretability, and regulatory compliance, must be addressed for responsible AI applications in biosensing. Future research should focus on developing AI models resilient to bias, capable of continuous learning, and optimized for low-power, portable biosensors. Addressing these challenges will enable AI-powered biosensing to advance precision medicine and improve global healthcare outcomes. Through interdisciplinary approaches, AI and ML will continue to drive the evolution of next-generation diagnostic solutions.

  • Research Article
  • Cite Count: 4
  • 10.1007/s00607-023-01174-w
International revenue share fraud prediction on the 5G edge using federated learning
  • Mar 31, 2023
  • Computing
  • Luís Ferreira + 7 more

Edge computing and multi-access edge computing (MEC) are two recent paradigms of distributed computing that are growing due to the rise of the fifth-generation (5G) of broadband cellular networks. The development of edge computing and MEC architectures involves the hosting of applications close to the end-users, allowing: an improved privacy, given that critical data is not shared with other systems; a reduced communication latency; an improved application speed; and a more efficient energy use. However, many applications are challenged by edge computing and MEC. In the case of machine learning (ML) applications, there can be privacy rules that do not allow data to be shared among distinct edges. Additionally, the devices used to train ML models might present lower computational capabilities than traditional computers. In this work, we present a Federated ML architecture that uses decentralized data and light ML training techniques to fit ML models on the 5G Edge. Our system consists of edge nodes that train models using local data and a centralized node that aggregates the results. As a case study, an international revenue share fraud task is addressed by considering two real-world datasets obtained from a commercial provider of Telecom analytics solutions. We test our architecture using two iterations of a Federated ML method, then compare it with a centralized ML model that is currently adopted by the provider. The results show that the Federated Learning decentralized approach produces an excellent level of class discrimination and that the main models maintain the performance across two rounds of decentralized training and even surpass the existing centralized model. After validating the results with the Telecom provider, we have built a prototype technological architecture that can be deployed in a real-world MEC scenario.

  • Research Article
  • 10.30574/wjarr.2023.18.3.0687
Optimizing cloud-based machine learning pipelines with generative AI: Innovations in automated data augmentation and model enhancement
  • Jun 30, 2023
  • World Journal of Advanced Research and Reviews
  • Dheerender Thakur

Integrating Generative AI into Cloud-based ML pipelines is a revolutionary way of improving data augmentation and model improvement. Realistic synthetic data has been more accessible to generate through Generative models such as GANs and VAE because of their ability to generate synthetic data with higher quality and variability than traditional generative models. In this paper, I will discuss the adoptions that have been made utilizing generative AI in enhancing the data augmentation process and making robust models together with handling factors such as data bias and computational demands. It also explains future trends and directions, such as real-time generative AI, edge computing, and AI ethical practices. By tackling these difficulties and using the possibilities of generative AI, it is possible to improve the efficacy, the possibility of scale, and flexibility of technological systems of machine learning and create a more effective alliance between artificial intelligence and industries.

  • Research Article
  • Cite Count: 3
  • 10.52783/jisem.v10i5s.667
Edge Computing- Smart Cities: Optimizing Data Processing & Resource Management in Urban Environments
  • Jan 24, 2025
  • Journal of Information Systems Engineering and Management
  • Smitha Rajagopal

As urbanization accelerates, smart cities are emerging as innovative ecosystems that integrate technology to address challenges related to sustainability, mobility, and infrastructure. Among these technologies, edge computing has gained prominence as a transformative solution to optimize data processing and resource management in urban environments. This paper explores the role of edge computing in enabling efficient, real-time decision-making by bringing computational power closer to data sources. Unlike traditional cloud-centric models, edge computing reduces latency, enhances data security, and improves bandwidth utilization by distributing data processing across decentralized nodes. The integration of edge computing in smart cities supports various applications, including intelligent transportation systems, energy-efficient smart grids, and real-time public safety monitoring. By processing data locally, edge devices can handle massive volumes of information generated by Internet of Things (IoT) devices, ensuring seamless service delivery without overwhelming centralized systems. Furthermore, this decentralized approach enhances resilience by reducing dependency on remote servers, a crucial factor for mission-critical urban applications. A significant focus of this paper is on resource management, particularly the allocation of computational resources across edge nodes. Strategies such as dynamic resource scheduling, load balancing, and adaptive task offloading are analyzed for their effectiveness in maintaining operational efficiency. Moreover, the research highlights the importance of leveraging machine learning and artificial intelligence algorithms within edge computing frameworks to predict traffic patterns, optimize energy consumption, and enhance waste management systems. Security and privacy concerns, often considered barriers to edge computing adoption, are addressed through advanced encryption techniques and secure communication protocols. 
This paper also evaluates challenges associated with edge computing deployment, such as hardware limitations, interoperability issues, and the need for robust regulatory frameworks. Case studies from leading smart city projects illustrate successful implementations and offer insights into overcoming these obstacles. In addition to technical aspects, this research underscores the socioeconomic benefits of edge computing in urban settings. Improved public services, reduced environmental impact, and cost-effective infrastructure management demonstrate the potential of edge computing to revolutionize city living. By enabling real-time analytics and localized decision-making, edge computing supports a more responsive and adaptive urban ecosystem. The findings presented in this paper emphasize the critical role of edge computing in bridging the gap between urban challenges and technological solutions. As cities continue to evolve, adopting edge computing technologies will not only enhance operational efficiency but also foster innovation, sustainability, and inclusivity. Future research directions include exploring hybrid models combining edge and cloud computing, advancing hardware capabilities, and developing standardized frameworks to accelerate adoption. This paper contributes to the growing body of knowledge on edge computing, offering a comprehensive analysis of its applications, challenges, and potential in shaping the future of smart cities. By optimizing data processing and resource management, edge computing emerges as a cornerstone technology for creating smarter, more resilient urban environments.

  • Research Article
  • 10.14445/23488549/ijece-v13i2p118
Multihop Communication Latency Prediction in Wireless Sensor Networks using Dimensionality Reduction and Recurrent Neural Network Architecture
  • Feb 20, 2026
  • International Journal of Electronics and Communication Engineering
  • Vinayakan K + 2 more

The prediction of Multihop Latency (MHL) in Wireless Sensor Networks (WSNs) faces diverse challenges and is substantially addressed by the unintermittent growth of technologies such as Machine Learning (ML), edge computing, security mechanisms, and hybrid modelling models. Effectively handling the difficulty is crucial for attaining the full potential of prediction methods in diverse settings of the Internet of Things (IoT). Factors, namely transmission delays, node congestion, hop count, and energy constraints, are considered in MHL prediction, and also, ML is widely utilized for forecasting and alleviating latency in dynamic network environments. Recently, Deep Learning (DL) has gained popularity in network routing and is also applied to model the Multihop (MH) communication latency prediction in WSNs. This study presents a Multihop Communication Latency Prediction Using Dimensionality Reduction and Recurrent Neural Network (MCLP-DRRNN) technique in WSNs. The aim is to develop an efficient model for accurately predicting the latency of MH communication in WSNs. Initially, the min-max scaling-based data pre-processing is employed. Furthermore, the walrus optimization algorithm (WOA) technique is used for the Feature Selection (FS) process. Moreover, the Minimal Gated Unit (MGU) technique is employed for classification. Finally, the Group Theory Optimization Algorithm (GTOA) technique is implemented for tuning. The comparison analysis of the MCLP-DRRNN model revealed a superior accuracy value of 99.33% compared to existing techniques under the WSN MH dataset.

  • Research Article
  • Cite Count: 13
  • 10.2196/38440
Exploiting Missing Value Patterns for a Backdoor Attack on Machine Learning Models of Electronic Health Records: Development and Validation Study
  • Aug 19, 2022
  • JMIR Medical Informatics
  • Byunggill Joe + 4 more

Background: A backdoor attack controls the output of a machine learning model in 2 stages. First, the attacker poisons the training data set, introducing a back door into the victim’s trained model. Second, during test time, the attacker adds an imperceptible pattern called a trigger to the input values, which forces the victim’s model to output the attacker’s intended values instead of true predictions or decisions. While backdoor attacks pose a serious threat to the reliability of machine learning–based medical diagnostics, existing backdoor attacks that directly change the input values are detectable relatively easily.

Objective: The goal of this study was to propose and study a robust backdoor attack on mortality-prediction machine learning models that use electronic health records. We showed that our backdoor attack grants attackers full control over classification outcomes for safety-critical tasks such as mortality prediction, highlighting the importance of undertaking safe artificial intelligence research in the medical field.

Methods: We present a trigger generation method based on missing patterns in electronic health record data. Compared to existing approaches, which introduce noise into the medical record, the proposed backdoor attack makes it simple to construct backdoor triggers without prior knowledge. To effectively avoid detection by manual inspectors, we employ variational autoencoders to learn the missing patterns in normal electronic health record data and produce trigger data that appears similar to this data.

Results: We experimented with the proposed backdoor attack on 4 machine learning models (linear regression, multilayer perceptron, long short-term memory, and gated recurrent units) that predict in-hospital mortality using a public electronic health record data set. The results showed that the proposed technique achieved a significant drop in the victim’s discrimination performance (reducing the area under the precision-recall curve by at most 0.45), with a low poisoning rate (2%) in the training data set. In addition, the impact of the attack on general classification performance was negligible (it reduced the area under the precision-recall curve by an average of 0.01025), which makes it difficult to detect the presence of poison.

Conclusions: To the best of our knowledge, this is the first study to propose a backdoor attack that uses missing information from tabular data as a trigger. Through extensive experiments, we demonstrated that our backdoor attack can inflict severe damage on medical machine learning classifiers in practice.

  • Research Article
  • Cite Count: 3
  • 10.1109/tetci.2022.3182415
Taking Away Both Model and Data: Remember Training Data by Parameter Combinations
  • Dec 1, 2022
  • IEEE Transactions on Emerging Topics in Computational Intelligence
  • Wenjian Luo + 4 more

Machine Learning (ML) model hatcheries have emerged to help ML model producers. The only thing that the ML model producer needs to do is upload the untrained ML model to the hatchery with a specific task and deploy the returned trained ML model into real-world applications. Although the local private data of the hatchery are not directly accessed by the ML model producer, some backdoor attacks can still steal the private data. These attacks add malicious backdoor codes into the untrained benign ML model and recover the private data in some specific operations after training. However, existing attacks more or less have some disadvantages, such as the limited quality of the stolen private data, seriously affecting the original model performance, and being easy to defend. To address these disadvantages, we propose a novel efficient white-box backdoor attack method called Parameter Combination Encoding Attack (PCEA), which leverages the linear combinations of parameters to remember the private data during training. We evaluate the performance of the proposed method on stolen image quality, testing accuracy, and sensitivity. The experimental results show that PCEA has a much higher quality of the stolen data and robustness while keeping the testing accuracy.

  • Research Article
  • Cite Count: 107
  • 10.1109/jiot.2019.2959035
Mobile-Edge-Computing-Based Hierarchical Machine Learning Tasks Distribution for IIoT
  • Mar 1, 2020
  • IEEE Internet of Things Journal
  • Bo Yang + 4 more

In this article, we propose a novel framework of mobile edge computing (MEC)-based hierarchical machine learning (ML) tasks distribution for the Industrial Internet of Things. It is assumed that a batch of ML tasks, such as anomaly detection, need to be executed timely in an MEC setting, where the devices have limited computing capability while the MEC server (MES) has rich computing resources. Thus, a small ML model for the device and a deep ML model for the MES are pretrained offline using historical data, and then they are deployed accordingly. However, offloading tasks to the MES introduces communications delay. Thus, each device must decide the portion of the tasks to offload to minimize the processing delay. Since the delay and the error of data processing are incurred by communications and ML computing, a joint optimization problem is formulated to minimize the total delay subject to the ML model complexity and inference error rate, data quality, computing capability at the device and MES, and communications bandwidth. A closed-form solution is derived analytically and an optimal offloading strategy selection algorithm is proposed. Insights are provided to understand the tradeoff between communications and ML computing in offloading decisions, and the effects of key parameters in the proposed algorithm are investigated. The numerical results demonstrate the effectiveness of the proposed algorithm.

  • Conference Article
  • Cite Count: 1
  • 10.1109/emsoft51651.2020.9244019
Interpretability Derived Backdoor Attacks Detection in Deep Neural Networks: Work-in-Progress
  • Sep 20, 2020
  • Xiangyu Wen + 4 more

Backdoor attacks to deep neural networks (DNNs) have received increasing attentions, particularly in applications from edge computing. The detection of backdoor attacks is a challenging task, due to the lack of transparency in DNN. In this paper, we design a novel method to detect backdoor attacks in deep neural networks, which is derived from the interpretability of a DNN. A comprehensive analysis of the critical path in DNN is conducted, based on which two indicators are proposed, including the correlation coefficient and the discrete degree. Consequently, an efficient backdoor detection algorithm is proposed, which only needs a few runtime images to identify the backdoor attacks. Initial experiments indicated the efficiency.

  • Research Article
  • Cite Count: 41
  • 10.1109/jiot.2022.3181990
Joint Task Offloading and Resource Allocation for Accuracy-Aware Machine-Learning-Based IIoT Applications
  • Feb 15, 2023
  • IEEE Internet of Things Journal
  • Wenhao Fan + 5 more

Machine learning (ML) plays a key role in Intelligent Industrial Internet of Things (IIoT) applications. Processing of the computation-intensive ML tasks can be largely enhanced by applying edge computing (EC) to traditional cloud-based schemes. System optimizations in the existing works always ignore the inference accuracy of ML models with different complexities, and their impacts on error task inference. In this article, we propose a joint task offloading and resource allocation scheme for accuracy-aware machine-learning-based IIoT applications in an edge–cloud-based network architecture. We aim at minimizing the long-term average system cost affected by the task offloading, computing resource allocation, and inference accuracy of the ML models deployed on the sensors, edge server, and cloud server. The Lyapunov optimization technique is applied to convert the long-term stochastic optimization problem into a short-term deterministic problem. An optimal algorithm based on the general Benders decomposition (GBD) technology and a heuristic algorithm based on proportional computing resource allocation and task offloading strategy comparison are proposed to efficiently solve the problem, respectively. The performance of our scheme is proved by theoretical analysis and evaluated by extensive simulations conducted in multiple scenarios. Simulation results demonstrate the effectiveness and superiority of our two algorithms in comparison with several other schemes proposed by the existing works.

  • Conference Article
  • Cite Count: 12
  • 10.1109/infocomwkshps47286.2019.9093759
Intelli-Eye: An UAV Tracking System with Optimized Machine Learning Tasks Offloading
  • Apr 29, 2019
  • Bo Yang + 6 more

The unmanned aerial vehicles (UAVs) have been extensively used in providing intelligence such as target tracking. In our field experiments, a pre-trained deep neural network (DNN) is deployed on the UAV to identify a target from the captured video frames and enable UAV to keep tracking. However, tracking in real time by the DNN requires a lot of computational resources. This motivates us to consider offloading this type of machine learning (ML) tasks to a mobile edge computing (MEC) server. Specifically, we propose a novel hierarchical ML tasks distribution framework for the UAV tracking system, where the UAV is embedded with lower layers of the pre-trained convolutional neural network (CNN) model due to its limited computing capability, while the MEC server with rich computing resources will handle the higher layers of the CNN model. An optimization problem is formulated to minimize the CNN inference delay while taking into account the communications delay, computing time, and ML error. Insights are provided to understand the tradeoff between communications and ML computing in offloading decisions. Numerical results demonstrate the effectiveness of the proposed ML tasks distribution framework with the optimized offloading strategy.

  • Book Chapter
  • Cite Count: 18
  • 10.1016/b978-0-32-396126-4.00015-1
Chapter 10 - Generative adversarial networks
  • Jan 1, 2023
  • Machine Learning for Transportation Research and Applications
  • Yinhai Wang + 2 more


  • Research Article
  • Cite Count: 72
  • 10.1109/tr.2022.3159784
Model Agnostic Defence Against Backdoor Attacks in Machine Learning
  • Jun 1, 2022
  • IEEE Transactions on Reliability
  • Sakshi Udeshi + 5 more

Machine learning (ML) has automated a multitude of our day-to-day decision-making domains, such as education, employment, and driving automation. The continued success of ML largely depends on our ability to trust the model we are using. Recently, a new class of attacks called backdoor attacks have been developed. These attacks undermine the user’s trust in ML models. In this article, we present Neo, a model agnostic framework to detect and mitigate such backdoor attacks in image classification ML models. For a given image classification model, our approach analyzes the inputs it receives and determines if the model is backdoored. In addition to this feature, we also mitigate these attacks by determining the correct predictions of the poisoned images. We have implemented Neo and evaluated it against three state-of-the-art poisoned models. In our evaluation, we show that Neo can detect ≈ 88% of the poisoned inputs on average and it is as fast as 4.4 ms per input image. We also compare our Neo approach with the state-of-the-art defence methodologies proposed for backdoor attacks. Our evaluation reveals that despite being a blackbox approach, Neo is more effective in thwarting backdoor attacks than the existing techniques. Finally, we also reconstruct the exact poisoned input for the user to effectively test their systems.
