Prototype-Guided Defense in Edge AI: Securing Distributed Inference Against Model Poisoning in Resource-Constrained Systems
Keywords:
edge AI, model poisoning, prototype learning, distributed inference, resource-constrained systems, adversarial defense, system architecture
Abstract
The proliferation of edge artificial intelligence has enabled distributed inference across heterogeneous, resource-constrained devices, yet this architectural shift introduces acute vulnerabilities to model poisoning attacks that corrupt local updates or inference outputs. Traditional defense mechanisms, often designed for centralized cloud environments, impose prohibitive computational and communication overheads when adapted to the periphery of the network. This paper presents a systemic framework for prototype-guided defense, a technique that leverages representative class prototypes to detect and mitigate anomalous parameter deviations during distributed inference. We argue that prototype learning offers a structurally lightweight, intrinsically interpretable mechanism for securing edge AI systems without demanding substantial memory, bandwidth, or energy budgets. The exposition covers the threat model of targeted model poisoning in split inference and federated edge settings, the architectural incorporation of prototype consistency checks into local inference nodes, and the resulting trade-offs among security, accuracy, latency, and resource consumption. Broader implications for governance, sustainability, and fairness are examined, including the risk of prototype bias amplification and the need for standardized verification protocols. Through cross-domain analysis spanning autonomous vehicles, smart healthcare, and industrial IoT, we demonstrate that prototype-guided defenses, when carefully calibrated, can significantly strengthen the resilience of edge AI deployments. The paper concludes with forward-looking recommendations for policy frameworks and open research directions that balance security guarantees with the inherent constraints of embedded systems.
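The prototype consistency check the abstract describes, as an added, self-contained illustration (example code, not the paper's own implementation): a local inference node keeps one mean embedding per class from clean calibration data, then accepts an inference output only if the predicted label owns the nearest prototype and the embedding sits within that class's calibrated radius. Assumptions: embeddings are plain Python sequences, Euclidean distance is used, and the radius is mean plus k standard deviations of clean distances; the 2-D calibration points are constructed stand-ins for real feature vectors.

```python
import math

def build_prototypes(embeddings, labels):
    """Per-class mean embedding computed from a clean calibration set."""
    sums, counts = {}, {}
    for e, y in zip(embeddings, labels):
        sums[y] = [s + x for s, x in zip(sums.get(y, [0.0] * len(e)), e)]
        counts[y] = counts.get(y, 0) + 1
    return {y: [s / counts[y] for s in sums[y]] for y in sums}

def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def calibrate_radii(embeddings, labels, prototypes, k=3.0, floor=1e-3):
    """Per-class acceptance radius: mean + k*std of clean distances to own prototype."""
    dists = {}
    for e, y in zip(embeddings, labels):
        dists.setdefault(y, []).append(euclid(e, prototypes[y]))
    radii = {}
    for y, ds in dists.items():
        mean = sum(ds) / len(ds)
        std = math.sqrt(sum((d - mean) ** 2 for d in ds) / len(ds))
        radii[y] = max(mean + k * std, floor)  # floor guards a degenerate zero-spread class
    return radii

def prototype_consistency_check(embedding, predicted_label, prototypes, radii):
    """Accept only if the predicted label owns the nearest prototype and the
    embedding lies within that class's calibrated radius; otherwise flag it."""
    nearest = min(prototypes, key=lambda c: euclid(embedding, prototypes[c]))
    if nearest != predicted_label:
        return ("reject", "label_mismatch", nearest)  # output disagrees with the geometry
    if euclid(embedding, prototypes[nearest]) > radii[nearest]:
        return ("reject", "out_of_radius", nearest)  # far from every clean cluster
    return ("accept", "consistent", nearest)

# Constructed 2-D calibration embeddings: two tight clusters, one per class.
CAL_EMBEDDINGS = [(0.0, 0.0), (0.2, 0.1), (-0.1, 0.2), (0.1, -0.2),
                  (5.0, 5.0), (5.2, 5.1), (4.9, 5.2), (5.1, 4.8)]
CAL_LABELS = [0, 0, 0, 0, 1, 1, 1, 1]
PROTOTYPES = build_prototypes(CAL_EMBEDDINGS, CAL_LABELS)
RADII = calibrate_radii(CAL_EMBEDDINGS, CAL_LABELS, PROTOTYPES)

if __name__ == "__main__":
    # Clean output, a flipped label on a clean embedding, and an off-cluster embedding.
    for emb, pred in [((0.1, 0.0), 0), ((0.1, 0.0), 1), ((5.0, 6.0), 1)]:
        print(emb, pred, prototype_consistency_check(emb, pred, PROTOTYPES, RADII))
```

The mismatch branch is what catches an output whose label has been steered away from its own cluster; the radius branch catches inputs that land outside every clean cluster, and k trades detection rate against false rejections on benign drift.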
License
Copyright (c) 2026 Computer Science and Engineering Transactions

This work is licensed under a Creative Commons Attribution 4.0 International License.
This article is published under the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.