Enhancing TinyML Security: Study of Adversarial Attack Transferability

Parin Shah, Yuvaraj Govindarajulu, Pavan Kulkarni, Manojkumar Parmar
2024-07-18
Abstract: The recent strides in artificial intelligence (AI) and machine learning (ML) have propelled the rise of TinyML, a paradigm enabling AI computations at the edge without dependence on cloud connections. While TinyML offers real-time data analysis and swift responses critical for diverse applications, its devices' intrinsic resource limitations expose them to security risks. This research delves into the adversarial vulnerabilities of AI models on resource-constrained embedded hardware, with a focus on Model Extraction and Evasion Attacks. Our findings reveal that adversarial attacks from powerful host machines could be transferred to smaller, less secure devices like ESP32 and Raspberry Pi. This illustrates that adversarial attacks could be extended to tiny devices, underscoring vulnerabilities, and emphasizing the necessity for reinforced security measures in TinyML deployments. This exploration enhances the comprehension of security challenges in TinyML and offers insights for safeguarding sensitive data and ensuring device dependability in AI-powered edge computing settings.
Cryptography and Security, Artificial Intelligence
What problem does this paper attempt to address?
### What problems does this paper attempt to solve?

This paper aims to explore and address the vulnerability of TinyML (Tiny Machine Learning) systems on resource-constrained embedded hardware to adversarial attacks. Specifically, the research focuses on the following points:

1. **Transferability of adversarial attacks**
   - The research shows that adversarial attacks crafted on powerful host devices can be transferred to smaller, less secure devices (such as ESP32 and Raspberry Pi). This reveals that these small devices are also vulnerable to adversarial attacks.
2. **Model extraction attacks and evasion attacks**
   - The paper evaluates two main types of adversarial attacks: Model Extraction Attacks and Evasion Attacks. Through these attacks, the researchers test the vulnerability of AI models on small devices.
3. **Security challenges of TinyML systems**
   - TinyML systems are usually deployed in sensitive environments, such as healthcare and industrial control. These systems process sensitive data and control critical infrastructure. Because of their resource limitations and limited computing power, TinyML systems are more vulnerable to attacks. The study therefore emphasizes the importance of strengthening security measures for TinyML deployments.
4. **Improving the security of TinyML systems**
   - By revealing these vulnerabilities, the research provides valuable insights for the future security design of TinyML systems, emphasizing the necessity of protecting sensitive data and ensuring device reliability in edge-computing environments.

### Formula summary

- **FGSM (Fast Gradient Sign Method) formula for generating adversarial samples**:

\[ \text{adv}_x = x + \epsilon \cdot \text{sign}(\nabla_x J(\theta, x, y)) \]

where:

- \(\text{adv}_x\): adversarial sample
- \(x\): original input data
- \(y\): label corresponding to the input data
- \(\theta\): original model parameters
- \(\epsilon\): scalar value controlling the perturbation size
- \(J(\theta, x, y)\): loss function of the model
- \(\nabla_x J(\theta, x, y)\): gradient of the loss function with respect to the input \(x\)
- \(\text{sign}(\nabla_x J(\theta, x, y))\): sign of the gradient, taking the value -1 or 1

Through these studies, the authors hope to enhance the understanding of the security challenges of TinyML systems and provide guidance for future protection measures.
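The FGSM formula above, together with the host-to-device transfer the paper reports, as an added example that is not from the paper or its authors: a float "host" model and a simulated int8-quantized "device" copy of it are built from an assumed two-weight logistic classifier, the adversarial sample is crafted only against the host model, and a constructed input is then checked on both models to see whether the perturbation transfers.

```python
"""FGSM transferability harness: craft on a float "host" model, evaluate on an
int8-style quantized "device" copy, i.e. a miniature TinyML deployment scenario."""
import numpy as np


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


class LogisticModel:
    """Tiny binary classifier p(y=1|x) = sigmoid(w.x + b); weights are assumed."""

    def __init__(self, w, b=0.0):
        self.w = np.asarray(w, dtype=float)
        self.b = float(b)

    def prob(self, x):
        return sigmoid(self.w @ x + self.b)

    def predict(self, x):
        return int(self.prob(x) >= 0.5)

    def input_gradient(self, x, y):
        # Cross-entropy J = -[y log p + (1-y) log(1-p)]; for this model dJ/dx = (p - y) * w
        return (self.prob(x) - y) * self.w

    def quantized(self, bits=8):
        """Symmetric per-tensor weight quantization, as an int8 TinyML export would do."""
        qmax = 2 ** (bits - 1) - 1
        scale = np.max(np.abs(self.w)) / qmax
        q = np.clip(np.round(self.w / scale), -qmax, qmax)
        return LogisticModel(q * scale, self.b)


def fgsm(model, x, y, eps):
    """adv_x = x + eps * sign(grad_x J(theta, x, y)), the formula quoted above."""
    return x + eps * np.sign(model.input_gradient(x, y))


def transfer_check(host, device, x, y, eps):
    """Craft on `host` only; report predictions of both models and the L-inf budget used."""
    x = np.asarray(x, dtype=float)
    adv = fgsm(host, x, y, eps)
    return {
        "clean_host": host.predict(x), "adv_host": host.predict(adv),
        "clean_device": device.predict(x), "adv_device": device.predict(adv),
        "linf": float(np.max(np.abs(adv - x))),
        # transferred = device was right on the clean input and wrong on the host-crafted one
        "transferred": device.predict(x) == y and device.predict(adv) != y,
    }


if __name__ == "__main__":
    host = LogisticModel([1.0, -2.0])      # assumed host-side float weights
    device = host.quantized()              # simulated on-device int8 copy
    print(transfer_check(host, device, [1.5, 0.5], 1, eps=0.3))  # constructed sample, label 1
```

The `linf` value reported is the perturbation budget actually spent; a defender evaluating a quantized deployment can sweep `eps` and record the smallest budget at which `transferred` becomes true as a robustness margin for that device model.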