期刊
出版社
IEEE
DOI: 10.1109/ICEIC51217.2021.9369754
关键词
Timing analysis; High performance edge machine learning processing unit; Intel Compute Stick 2
类别
资金
- National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme/Cyber-Hardware Forensic & Assurance Evaluation RD Programme [NRF2018NCR-NCR009-0001]
This paper demonstrates the vulnerability of deployed deep learning models to timing side-channel attacks, where adversaries can reconstruct the model by measuring the execution time of the inference. The attack is validated on Intel Compute Stick 2 and is highlighted for its high success rate in cross-device setting.
Edge deep learning accelerators are optimised hardware to enable efficient inference on the edge. The models deployed on these accelerators are often proprietary and thus sensitive for commercial and privacy reasons. In this paper, we demonstrate practical vulnerability of deployed deep learning models to timing side-channel attacks. By measuring the execution time of the inference, the adversary can determine and reconstruct the model from a known family of well known deep learning model and then use available techniques to recover remaining hyperparameters. The vulnerability is validated on Intel Compute Stick 2 for VGG and ResNet family of models. Moreover, the presented attack is quite devastating as it can be performed in a cross-device setting, where adversary profiles constructed on a legally own device can be used to exploit the victim device with a single query and still can achieve near perfect success rate.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据