Imperceptible Trojan Attacks to the Graph-Based Big Data Processing in Smart Society

Abstract

Big data processing is a set of techniques or programming models, which can be deployed on both the cloud servers or edge nodes, to access large-scale data and extract useful information for supporting and providing decisions. Meanwhile, several typical domains of human activity in smart society, such as social networks, medical diagnosis, recommendation systems, transportation, and Internet of Things (IoT), often manage a vast collection of entities with various relationships, which can be naturally represented by the graph data structure. As one of the convincing solutions to carry out analytics for big data, graph processing is especially applicable for these application domains. However, either the intra-device or the inter-device data processing in the edge-cloud architecture is truly prone to be attacked by the malicious Trojans covertly embedded in the counterfeit processing systems developed by some third-party vendors in numerous practical scenarios, leading to identity theft, misjudgment, privacy disclosure, and so on. In this paper, for the first time to our knowledge, we specially build a novel attack model for ubiquitous graph processing in detail, which also has easy scalability for other applications in big data processing, and discuss some common existing mitigations accordingly. Multiple activation mechanisms of Trojans designed in our attack model effectively make the attacks imperceptible to users. Evaluations indicate that the proposed Trojans are highly competitive in stealthiness with trivial extra latency.