Reverse engineering deep learning algorithms

Cybersecurity concerns surrounding edge Field Programmable Gate Array (FPGA) accelerators hosting deep neural network (DNN) architectures have become increasingly prominent due to the vulnerability of such systems to side-channel reverse engineering attacks (SCAs). In this report, we present defense mechanisms aimed at thwarting SCAs on edge FPGA accelerators. Our study comprises two key experiments: (1) Scheduling Measures against Hardware Trojan SCAs and (2) Dummy Layer Obfuscator. We first performed strategic modifications to the VTA Convolution 2D script to introduce variability in computation order without compromising mathematical equivalence. While significant disruptions to attack data volumes and layer identification are observed, the study highlights a trade-off between security measures and computational efficiency. Next, we introduced a Dummy Layer Obfuscator by strategically inserting dummy convolutional layers into the DNN architecture to obscure its structure. This approach successfully hinders attackers' ability to discern critical parameters, albeit with certain limitations in layer placement and type. Our findings underscore the importance of integrating robust security measures into the design of FPGA-based DNN accelerators to safeguard against potential threats and uphold model confidentiality. While our proposed defenses demonstrate effectiveness in thwarting side-channel attacks, they also incur additional computational overhead. Future research should focus on mitigating these overheads while preserving the security benefits of the proposed solutions.

Bibliographic Details
Main Author: Muhammad Irfan Bin Norizzam
Other Authors: Lam Siew Kei
School: School of Computer Science and Engineering
Contact: ASSKLam@ntu.edu.sg
Format: Final Year Project (FYP), Bachelor's degree
Project Code: SCSE23-0140
Language: English
Subjects: Computer and Information Science
Published: Nanyang Technological University, Singapore, 2024
Date Available: 2024-04-19
Institution: Nanyang Technological University
Collection: DR-NTU (NTU Library)
Online Access: https://hdl.handle.net/10356/175058
Citation: Muhammad Irfan Bin Norizzam (2024). Reverse engineering deep learning algorithms. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/175058