Evaluation of DP-SGD Impact on TinyML-Optimized Models

  • Davi Bezerra Yada da Silva (UFC)
  • Aldri Luiz dos Santos (UFMG)
  • Jeandro de M. Bezerra (UFC / UFMG)

Abstract


Deep learning models (DLMs) are applied to attack and anomaly detection in IoT networks. The TinyML paradigm enables local execution of these models with low resource consumption and increased privacy. However, DLMs can still leak data through adversarial attacks. This work implements a feedforward network for classification and an autoencoder for anomaly detection, both trained with DP-SGD on the IoT-23 dataset. The models were optimized with TinyML and deployed on a Raspberry Pi 4. The feedforward model retained 87% accuracy under strong privacy (ϵ = 0.5), while optimization reduced model size by up to 91%, RAM usage by 82%, and execution time by 80%. The combination of differential privacy and TinyML proved feasible for edge device security.

Published: 2025-09-01

SILVA, Davi Bezerra Yada da; SANTOS, Aldri Luiz dos; BEZERRA, Jeandro de M. Evaluation of DP-SGD Impact on TinyML-Optimized Models. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 979-986. DOI: https://doi.org/10.5753/sbseg.2025.11481.