Split Edge-Cloud Neural Networks for Better Adversarial Robustness

Cloud computing is a critical component in the success of 5G and 6G networks, particularly given the computation-intensive nature of emerging applications. Despite all it advantages, cloud computing faces limitations in meeting the strict latency and bandwidth requirements of applications such as eHealth and automotive systems. To overcome these limitations, edge computing has emerged as a novel paradigm that bring computation closer to the user. Moreover, intelligent tasks such as deep learning ones demand more memory and processing power than edge devices can handle. To address these challenges, methods like quantization, pruning, and distributed inference have been proposed. Similarly, this paper study a promising approach for running deep learning models at the edge: split neural networks (SNN). SNNs feature a neural network architecture with multiple early exit points, allowing the model to make confident decisions at earlier layers without processing the entire network. This not only reduces memory and computational demands but it also makes SNNs well-suited for edge computing applications. As the use of SNNs expands, ensuring their safety-particularly their robustness to perturbations-becomes crucial for deployment in safety-critical scenarios. This paper presents the first in-depth study on the robustness of split Edge Cloud neural networks. We review state-of-the-art robustness certification techniques and evaluate SNN robustness using the auto_LiRPA and Auto Attack libraries, comparing them to standard neural networks. Our results demonstrate that SNNs reduce average inference time by 75'% and certify 4 to 10 times more images as robust, while improving overall robustness accuracy by 1% to 10%.