DNN model theft through trojan side-channel on edge FPGA accelerator

DNN model theft through trojan side-channel on edge FPGA accelerator

In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by moni...

全面介紹

Saved in:
書目詳細資料
Main Authors: Chandrasekar, Srivatsan, Lam, Siew-Kei, Thambipillai, Srikanthan
其他作者: College of Computing and Data Science
格式: Conference or Workshop Item
語言:English
出版: 2024
主題:
Computer and Information Science
Side-channel attacks
Deep learning accelerators
FPGA security
Machine learning security
Hardware trojans
在線閱讀:https://hdl.handle.net/10356/178536
標簽: 添加標簽
沒有標簽, 成為第一個標記此記錄!
實物特徵
總結:In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by monitoring the AXI interface signals of VTA’s submodules. The memory side-channel information is leaked through a UART port, which reveals the DNN architecture information. Our experiments demonstrate the effectiveness of the proposed attack and highlight the need for robust security measures to protect DNN intellectual property (IP) models that are deployed on edge FPGA platforms.

相似書籍