Memristor Based Variation Enabled Differentially Private Learning Systems for Edge Computing in IoT

Edge AI (Artificial Intelligence) achieves real-time local data analysis for IoT systems, enabling low-power and high-speed operation, but comes with privacy-preserving requirements. Memristor based computing system is a promising solution for edge AI, but it needs a low-cost privacy protection mechanism due to limited resources. In this paper, we propose a Noise Distribution Normalization (NDN) method to add Gaussian distributed noise through hardware implementation, thereby achieving differential privacy in edge AI. Instead of using traditional algorithmic noise-insertion methods, we take advantage of inherent cycle-to-cycle variations of memristors during the weight-update process as the noise source, which does not incur extra software or hardware overhead. In one case study, the proposed method realizes ultra-low-cost DP-SGD (Differentially Private Stochastic Gradient De-scent) for edge AI in IoT systems, achieving a 3.5% to 15.5% av-erage recognition accuracy improvement under different noise levels, as compared with a baseline mechanism.