Reverse engineering deep learning algorithms
Cybersecurity concerns surrounding edge Field Programmable Gate Arrays (FPGA) accelerators hosting deep neural network (DNN) architectures have become increasingly prominent due to the vulnerability of such systems to side-channel reverse engineering attacks (SCAs). In this report, we present innovative defense mechanisms aimed at thwarting SCAs on edge FPGA accelerators. Our study comprises two key experiments: (1) Scheduling Measures against Hardware Trojan SCAs and (2) Dummy Layer Obfuscator.

We first performed strategic modifications to the VTA Convolution 2D script to introduce variability in computation order without compromising mathematical equivalence. While significant disruptions to attack data volumes and layer identification are observed, the study highlights a trade-off between security measures and computational efficiency. Next, we introduced a Dummy Layer Obfuscator by strategically inserting dummy convolutional layers into the DNN architecture to obscure its structure. This approach successfully hinders attackers' ability to discern critical parameters, albeit with certain limitations in layer placement and type.

Our findings underscore the importance of integrating robust security measures into the design of FPGA-based DNN accelerators to safeguard against potential threats and uphold model confidentiality. While our proposed defenses demonstrate effectiveness in thwarting side-channel attacks, they also incur additional computational overhead. Future research endeavors should focus on mitigating these overheads while preserving the security benefits of the proposed solutions.
Field | Value
---|---
Main Author: | Muhammad Irfan Bin Norizzam
Other Authors: | Lam Siew Kei (School of Computer Science and Engineering)
Format: | Final Year Project
Language: | English
Published: | Nanyang Technological University, 2024
Subjects: | Computer and Information Science
Online Access: | https://hdl.handle.net/10356/175058
Institution: | Nanyang Technological University
Record details

Field | Value
---|---
id | sg-ntu-dr.10356-175058
record_format | dspace
record timestamp | 2024-04-19T15:42:27Z
author | Muhammad Irfan Bin Norizzam
author2 | Lam Siew Kei, School of Computer Science and Engineering
degree | Bachelor's degree
date accessioned / available | 2024-04-19T01:55:03Z
publishDate | 2024
format | Final Year Project (FYP)
other identifier | SCSE23-0140
file format | application/pdf
citation | Muhammad Irfan Bin Norizzam (2024). Reverse engineering deep learning algorithms. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/175058
institution | Nanyang Technological University
building | NTU Library
continent | Asia
country | Singapore
content_provider | NTU Library
collection | DR-NTU
language | English
topic | Computer and Information Science
title | Reverse engineering deep learning algorithms
publisher | Nanyang Technological University
url | https://hdl.handle.net/10356/175058