Please use this identifier to cite or link to this item:
Title: Live demonstration: man-in-the-middle attack on edge artificial intelligence
Authors: Hu, Bowen
He, Weiyang
Wang, Si
Liu, Wenye
Chang, Chip Hong
Keywords: Engineering
Issue Date: 2024
Source: Hu, B., He, W., Wang, S., Liu, W. & Chang, C. H. (2024). Live demonstration: man-in-the-middle attack on edge artificial intelligence. 2024 IEEE International Symposium on Circuits and Systems (ISCAS).
Project: NRF2018NCRNCR009-0001 
Conference: 2024 IEEE International Symposium on Circuits and Systems (ISCAS)
Abstract: Deep neural networks (DNNs) are susceptible to evasion attacks. However, digital adversarial examples are typically applied to pre-captured static images. The perturbations are generated by loss optimization with knowledge of target model hyperparameters and are added offline. Physical adversarial examples, on the other hand, tamper with the physical target or use a realistically fabricated target to fool the DNN. A sufficient number of pristine target samples captured under different varying environmental conditions are required to create the physical adversarial perturbations. Both digital and physical input evasion attacks are not robust against dynamic object scene variations and the adversarial effects are often weakened by model reduction and quantization when the DNNs are implemented on edge artificial intelligence (AI) accelerator platforms. This demonstration presents a practical man-in-the-middle (MITM) attack on an edge DNN first reported in [1]. A tiny MIPI FPGA chip with hardened CSI-2 and D-PHY blocks is attached between the camera and the edge AI accelerator to inject unobtrusive stripes onto the RAW image data. The attack is less influenced by dynamic context variations such as changes in viewing angle, illumination, and distance of the target from the camera.
DOI: 10.1109/ISCAS58744.2024.10558371
Schools: School of Electrical and Electronic Engineering 
Research Centres: Centre for Integrated Circuits and Systems 
Rights: © 2024 IEEE. All rights reserved. This article may be downloaded for personal use only. Any other use requires prior permission of the copyright holder. The Version of Record is available online at
Fulltext Permission: open
Fulltext Availability: With Fulltext
Appears in Collections:EEE Conference Papers

Files in This Item:
File Description SizeFormat 
conference_101719.pdf418.85 kBAdobe PDFThumbnail

Page view(s)

Updated on Jul 19, 2024


Updated on Jul 19, 2024

Google ScholarTM




Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.