SCA strikes back : reverse engineering neural network architectures using side channels

Bibliographic Details
Main Authors: Batina, Lejla, Bhasin, Shivam, Jap, Dirmanto, Picek, Stjepan
Other Authors: Temasek Laboratories @ NTU
Format: Article
Language: English
Published: 2021
Online Access: https://hdl.handle.net/10356/153411
Institution: Nanyang Technological University
Summary: Our previous work selected for Top Picks in Hardware and Embedded Security 2020 demonstrates that it is possible to reverse engineer neural networks by using side-channel attacks. We developed a framework that considers each part of the neural network separately and then, by combining the information, manages to reverse engineer all relevant hyper-parameters and parameters. Our work is a proof of concept (but also a realistic demonstration) that such attacks are possible and warns that more effort should be given to developing countermeasures. While we have used microcontrollers for our experiments, the attack applies to other targets like FPGAs and GPUs.