
Attacking the Performance of Machine Learning Systems
2022-06-16 11:02

While such devices enable us to train large-scale neural networks in datacenters and deploy them on edge devices, their designers' focus so far is on average-case performance.

We show how adversaries can exploit carefully-crafted sponge examples, which are inputs designed to maximise energy consumption and latency, to drive machine learning systems towards their worst-case performance.

Sponge examples are, to our knowledge, the first denial-of-service attack against the ML components of such systems.

Sponge examples frequently increase both latency and energy consumption of these models by a factor of 30×.

To demonstrate the effectiveness of sponge examples in the real world, we mount an attack against Microsoft Azure's translator and show an increase of response time from 1ms to 6s. We conclude by proposing a defense strategy: shifting the analysis of energy consumption in hardware from an average-case to a worst-case perspective.

Attackers were able to degrade the performance so much, and force the system to waste so many cycles, that some hardware would shut down due to overheating.
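The average-case versus worst-case distinction in the proposed defense can be made concrete with a small sketch. This is an added example, not code from the paper or the linked post: the cost figures, the 2x margin, the 1.5x tolerance and all function names are constructed assumptions, and only the 30x factor comes from the text above.

```python
"""Added example: per-request worst-case cutoff vs. average-case monitoring."""
from dataclasses import dataclass
from statistics import mean


@dataclass
class Verdict:
    served: list    # indices of requests that finished within budget
    aborted: list   # indices cut off at the per-request budget
    spent: float    # total cost units actually consumed


def calibrate_cutoff(benign_costs, margin=2.0):
    """Budget = worst benign cost seen in profiling, times an assumed margin."""
    return max(benign_costs) * margin


def average_case_alarm(costs, baseline_mean, tolerance=1.5):
    """Average-case view: alarm only if the window mean exceeds tolerance x baseline."""
    return mean(costs) > tolerance * baseline_mean


def enforce_cutoff(costs, cutoff):
    """Worst-case view: meter every request and stop work once it hits the cutoff."""
    served, aborted, spent = [], [], 0.0
    for i, cost in enumerate(costs):
        if cost > cutoff:
            aborted.append(i)
            spent += cutoff   # work done before the abort still costs energy
        else:
            served.append(i)
            spent += cost
    return Verdict(served, aborted, spent)


# Constructed profiling data: cost units (joules or ms) measured on benign inputs.
BENIGN_PROFILE = [0.8, 1.0, 1.1, 0.9, 1.2, 1.0, 0.9, 1.1, 1.0, 1.0]
# Constructed traffic window: 99 benign requests and one input costing 30x the norm.
WINDOW = [1.0] * 100
WINDOW[42] = 30.0

if __name__ == "__main__":
    baseline = mean(BENIGN_PROFILE)
    cutoff = calibrate_cutoff(BENIGN_PROFILE)
    print("average-case alarm fired:", average_case_alarm(WINDOW, baseline))
    verdict = enforce_cutoff(WINDOW, cutoff)
    print("aborted request indices:", verdict.aborted)
    print("cost without cutoff:", sum(WINDOW), "with cutoff:", round(verdict.spent, 1))
```

The window mean stays below the average-case alarm because 99 ordinary requests dilute the single expensive one, while the per-request budget stops that input after 2.4 units instead of 30.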


News URL

https://www.schneier.com/blog/archives/2022/06/attacking-the-performance-of-machine-learning-systems.html