Practical side-channel based model extraction attack on tree-based machine learning algorithm
Machine learning algorithms have been widely applied to solve various types of problems and applications. Among those, decision tree based algorithms have been considered for small Internet-of-Things (IoT) implementation, due to their simplicity. It has been shown in a recent publication that Bonsai...
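Main Authors: | Jap, Dirmanto; Yli-Mäyry, Ville; Ito, Akira; Ueno, Rei; Bhasin, Shivam; Homma, Naofumi |
---|---|
Other Authors: | Applied Cryptography and Network Security Workshops. ACNS 2020 |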
Format: | Conference or Workshop Item |
Language: | English |
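Published: | 2021 |
Subjects: | Engineering::Computer science and engineering::Computing methodologies Hardware Security Machine Learning |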
Online Access: | https://hdl.handle.net/10356/147420 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-147420 |
---|---|
record_format |
dspace |
spelling |
Record sg-ntu-dr.10356-147420 (2021-07-05T07:10:50Z). Practical side-channel based model extraction attack on tree-based machine learning algorithm. Authors: Jap, Dirmanto; Yli-Mäyry, Ville; Ito, Akira; Ueno, Rei; Bhasin, Shivam; Homma, Naofumi. Applied Cryptography and Network Security Workshops. ACNS 2020. Temasek Laboratories. Subjects: Engineering::Computer science and engineering::Computing methodologies Hardware Security Machine Learning. Type: Conference Paper, 2020. Citation: Jap, D., Yli-Mäyry, V., Ito, A., Ueno, R., Bhasin, S. & Homma, N. (2020). Practical side-channel based model extraction attack on tree-based machine learning algorithm. Applied Cryptography and Network Security Workshops. ACNS 2020, 12418 LNCS, 93-105. https://dx.doi.org/10.1007/978-3-030-61638-0_6. ISBN: 9783030616373. Handle: https://hdl.handle.net/10356/147420. DOI: 10.1007/978-3-030-61638-0_6. Scopus: 2-s2.0-85094109821. Language: en. © 2020 Applied Cryptography and Network Security Workshops. ACNS 2020. All rights reserved. |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Engineering::Computer science and engineering::Computing methodologies Hardware Security Machine Learning |
description |
Machine learning algorithms have been widely applied to solve various types of problems and applications. Among those, decision tree based algorithms have been considered for small Internet-of-Things (IoT) implementation, due to their simplicity. It has been shown in a recent publication that Bonsai, a small tree-based algorithm, can be successfully fitted in a small 8-bit microcontroller. However, the security of machine learning algorithms has also been a major concern, especially with the threat of secret parameter recovery, which could lead to a breach of privacy. With machine learning taking over a significant proportion of industrial tasks, the security issue has become a matter of concern. Recently, secret parameter recovery for neural network based algorithms using physical side-channel leakage has been proposed. In the paper, we investigate the security of widely used decision tree algorithms running on an ARM Cortex M3 platform against electromagnetic (EM) side-channel attacks. We show that by focusing on each building block function or component, one could perform a divide-and-conquer approach to recover the secret parameters. To demonstrate the attack, we first report the recovery of secret parameters of Bonsai, such as sparse projection parameters, branching function and node predictors. After the recovery of these parameters, the attacker can then reconstruct the whole architecture. |
author2 |
Applied Cryptography and Network Security Workshops. ACNS 2020 |
format |
Conference or Workshop Item |
author |
Jap, Dirmanto Yli-Mäyry, Ville Ito, Akira Ueno, Rei Bhasin, Shivam Homma, Naofumi |
title |
Practical side-channel based model extraction attack on tree-based machine learning algorithm |
publishDate |
2021 |
url |
https://hdl.handle.net/10356/147420 |