AI model auditing scheme towards cloud-edge high-performance computing

AI model auditing scheme towards cloud-edge high-performance computing

연구 분야: Cryptography

학회: The Journal of Supercomputing

High-performance Computing (HPC) uses high-performance computers or computer clusters to handle complex computational tasks. Moreover, the cloud-edge architecture is well-suited for this computing model. In many HPC scenarios, specific AI models are trained on HPC and then distributed to edge servers closer to users, providing low-latency and high-efficiency intelligent services. However, ensuring the integrity of models presents a significant challenge, as even minor changes to model parameters can have substantial negative impacts on real-world applications. For example, a single erroneous instruction in intelligent transportation could lead to a traffic accident. To address this, periodic auditing of AI models stored on edge servers is necessary. We propose the AI Model Auditing scheme (AIMA), which leverages the characteristic that multiple edge servers locally store the model. A distributed and collaborative model integrity verification method is designed, eliminating the need for HPC to expend significant computational resources on generating homomorphic verification tags, which constitute the primary computational overhead in existing data auditing schemes. Additionally, we developed a consensus protocol tailored for AI model auditing based on Practical Byzantine Fault Tolerance (PBFT). By constructing a blockchain to record audit results, HPC can obtain tamper-proof model audit records. Furthermore, we introduce update strategies for AI models and edge server groups, enhancing the practicality of the proposed scheme. Finally, we analyze the security features of the scheme and validate its efficiency in a simulated cloud-edge HPC environment. Experimental results demonstrate that AIMA incurs lower computational overhead than the compared schemes during both the audit preparation and execution phases, while the computational and storage costs introduced by consensus remain entirely acceptable.