Practical side-channel based model extraction attack on tree-based machine learning algorithm

Machine learning algorithms have been widely applied to solve various types of problems and applications. Among those, decision tree based algorithms have been considered for small Internet-of-Things (IoT) implementation, due to their simplicity. It has been shown in a recent publication, that Bonsai...

Bibliographic Details
Main Authors: Jap, Dirmanto, Yli-Mäyry, Ville, Ito, Akira, Ueno, Rei, Bhasin, Shivam, Homma, Naofumi
Other Authors: 1st ACNS Workshop on Artificial Intelligence in Hardware Security (AIHWS 2020)
Format: Conference or Workshop Item
Language: English
Published: 2021
Online Access: https://hdl.handle.net/10356/147425
Institution: Nanyang Technological University
Affiliation: Temasek Laboratories @ NTU

Subjects: Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence; Machine Learning Algorithms; Side-channel Attacks

Description: Machine learning algorithms have been widely applied to solve various types of problems and applications. Among those, decision tree based algorithms have been considered for small Internet-of-Things (IoT) implementation, due to their simplicity. It has been shown in a recent publication that Bonsai, a small tree-based algorithm, can be successfully fitted in a small 8-bit microcontroller. However, the security of machine learning algorithms has also been a major concern, especially with the threat of secret parameter recovery, which could lead to breach of privacy. With machine learning taking over a significant proportion of industrial tasks, the security issue has become a matter of concern. Recently, secret parameter recovery for neural network based algorithms using physical side-channel leakage has been proposed. In the paper, we investigate the security of widely used decision tree algorithms running on ARM Cortex M3 platform against electromagnetic (EM) side-channel attacks. We show that by focusing on each building block function or component, one could perform a divide-and-conquer approach to recover the secret parameters. To demonstrate the attack, we first report the recovery of secret parameters of Bonsai, such as sparse projection parameters, branching function and node predictors. After the recovery of these parameters, the attacker can then reconstruct the whole architecture.

Acknowledgement: This work was performed in the Cooperative Research Project of the Research Institute of Electrical Communication, Tohoku University with Nanyang Technological University. This research was also supported in part by JST CREST Grant No. JPMJCR19K5, Japan.

Citation: Jap, D., Yli-Mäyry, V., Ito, A., Ueno, R., Bhasin, S. & Homma, N. (2020). Practical side-channel based model extraction attack on tree-based machine learning algorithm. 1st ACNS Workshop on Artificial Intelligence in Hardware Security (AIHWS 2020), LNCS 12418, 93-105. https://dx.doi.org/10.1007/978-3-030-61638-0_6

ISBN: 9783030616373
DOI: 10.1007/978-3-030-61638-0_6
Scopus EID: 2-s2.0-85094109821
Handle: https://hdl.handle.net/10356/147425
Rights: © 2020 Springer Nature Switzerland AG. All rights reserved.
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
content_provider NTU Library
collection DR-NTU
language English