3.8 Proceedings Paper

DeepFreeze: Cold Boot Attacks and High Fidelity Model Recovery on Commercial EdgeML Device

出版社

IEEE
DOI: 10.1109/ICCAD51958.2021.9643512

关键词

Cold Boot Attack; EdgeML; Intel Neural Compute Stick 2; Model Recovery

资金

  1. National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme/Cyber-Hardware Forensic & Assurance Evaluation RD Programme [NRF2018NCR-NCR009-0001]

向作者/读者索取更多资源

This study demonstrates a cold boot attack method on NCS for recovering model architecture and some weights successfully, although there are errors in correcting the weights, they can be corrected using the knowledge distillation method.
EdgeML accelerators like Intel Neural Compute Stick 2 (NCS) can enable efficient edge-based inference with complex pre-trained models. The models are loaded in the host (like Raspberry Pi) and then transferred to NCS for inference. In this paper, we demonstrate practical and low-cost cold boot based model recovery attacks on NCS to recover the model architecture and weights, loaded from the Raspberry Pi. The architecture is recovered with 100% success and weights with an error rate of 0.04%. The recovered model reports maximum accuracy loss of 0.5% as compared to original model and allows high fidelity transfer of adversarial examples. We further extend our study to other cold boot attack setups reported in the literature with higher error rates leading to accuracy loss as high as 70%. We then propose a methodology based on knowledge distillation to correct the erroneous weights in recovered model, even without access to original training data. The proposed attack remains unaffected by the model encryption features of the OpenVINO and NCS framework.

作者

我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。

评论

主要评分

3.8
评分不足

次要评分

新颖性
-
重要性
-
科学严谨性
-
评价这篇论文

推荐

暂无数据
暂无数据