Attacking and Protecting Data Privacy in Edge-Cloud Collaborative Inference Systems

Zecheng He, Tianwei Zhang, Ruby B. Lee

Research output: Contribution to journalArticlepeer-review

49 Scopus citations


Benefiting from the advance of deep learning (DL) technology, Internet-of-Things (IoT) devices and systems are becoming more intelligent and multifunctional. They are expected to run various DL inference tasks with high efficiency and performance. This requirement is challenged by the mismatch between the limited computing capability of edge devices and large-scale deep neural networks. Edge-cloud collaborative systems are then introduced to mitigate this conflict, enabling resource-constrained IoT devices to host arbitrary DL applications. However, the introduction of third-party clouds can bring potential privacy issues to edge computing. In this article, we conduct a systematic study about the opportunities of attacking and protecting the privacy of edge-cloud collaborative systems. Our contributions are twofold: 1) we first devise a set of new attacks for an untrusted cloud to recover arbitrary inputs fed into the system, even if the attacker has no access to the edge device's data or computations, or permissions to query this system and 2) we empirically demonstrate that solutions that add noise fail to defeat our proposed attacks, and then propose two more effective defense methods. This provides insights and guidelines to develop more privacy-preserving collaborative systems and algorithms.

Original languageEnglish (US)
Article number9187880
Pages (from-to)9706-9716
Number of pages11
JournalIEEE Internet of Things Journal
Issue number12
StatePublished - Jun 15 2021

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Information Systems
  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications


  • Artificial intelligence
  • collaborative inference
  • edge-cloud computing
  • security and privacy


Dive into the research topics of 'Attacking and Protecting Data Privacy in Edge-Cloud Collaborative Inference Systems'. Together they form a unique fingerprint.

Cite this