期刊
IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS II-EXPRESS BRIEFS
卷 68, 期 1, 页码 501-505出版社
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TCSII.2020.3012005
关键词
Training; Predictive models; Perturbation methods; Jacobian matrices; Mathematical model; Circuits and systems; Deep neural network; side-channel attack; adversarial attack
资金
- National Natural Science Foundation of China [61873241, 61973273, 61572439]
- Zhejiang Provincial Natural Science Foundation of China [LR19F030001]
The paper introduces a novel attack method called gray-box attack, which falls between white-box attack and black-box attack. It significantly outperforms existing techniques by utilizing side-channel attacks for model structure prediction.
Deep neural networks are becoming increasingly popular. However, they are also vulnerable to adversarial attacks. The existing attack methods include white-box attack and black-box attack. The white-box attack assumes full model knowledge while the black-box one assumes none. In this brief, we propose a novel attack method between these two. Specifically, we have made the following contributions: (1) we propose the gray-box attack, which utilizes the side-channel attack to predict the model structure based on a pre-trained classifier and (2) we validate our method on real-world experiments. The experimental results show that our gray-box attack can significantly outperform the existing techniques.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据
分享论文
