Side channel attacks for architecture extraction of neural networks

[1] Yang Liu et al. SNIFF: Reverse Engineering of Neural Networks with Fault Attacks, 2020, ArXiv.

[2] Shweta Shinde et al. Privado: Practical and Secure DNN Inference, 2018, ArXiv.

[3] Yuan Xie et al. Neural Network Model Extraction Attacks in Edge Devices by Hearing Architectural Hints, 2019, ArXiv.

[4] Sergey Ioffe et al. Batch Normalization: Accelerating Deep Network Training by Reducing Internal Covariate Shift, 2015, ICML.

[5] Zhiru Zhang et al. MgX: Near-Zero Overhead Memory Protection with an Application to Secure DNN Acceleration, 2020, ArXiv.

[6] Long Lu et al. Mind Your Weight(s): A Large-scale Study on Insufficient Machine Learning Model Protection in Mobile Apps, 2021, USENIX Security Symposium.

[7] Paul C. Kocher et al. Differential Power Analysis, 1999, CRYPTO.

[8] Quoc V. Le et al. Neural Optimizer Search with Reinforcement Learning, 2017, ICML.

[9] Geoffrey E. Hinton et al. ImageNet classification with deep convolutional neural networks, 2012, Commun. ACM.

[10] Tudor Dumitras et al. Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks, 2018, ArXiv.

[11] Tommaso Frassetto et al. Offline Model Guard: Secure and Private ML on Mobile Devices, 2020, 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[12] Tsung-Yi Ho et al. CloudLeak: Large-Scale Deep Learning Models Stealing Through Adversarial Examples, 2020, NDSS.

[13] Ajmal Mian et al. Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey, 2018, IEEE Access.

[14] Wei Liu et al. Efficient Decision-Based Black-Box Adversarial Attacks on Face Recognition, 2019, 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[15] Alexander LeNail et al. NN-SVG: Publication-Ready Neural Network Architecture Schematics, 2019, J. Open Source Softw.

[16] Yoshua Bengio et al. Gradient-based learning applied to document recognition, 1998, Proc. IEEE.

[17] Lejla Batina et al. CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel, 2019, USENIX Security Symposium.

[18] Michael Naehrig et al. CryptoNets: applying neural networks to encrypted data with high throughput and accuracy, 2016, ICML 2016.

[19] Adi Shamir et al. Cache Attacks and Countermeasures: The Case of AES, 2006, CT-RSA.

[20] Nishant Kumar et al. CrypTFlow: Secure TensorFlow Inference, 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[21] Zhiru Zhang et al. Reverse engineering convolutional neural networks through side-channel information leaks, 2018, DAC 2018.

[22] Ahmad-Reza Sadeghi et al. SANCTUARY: ARMing TrustZone with User-space Enclaves, 2019, NDSS.

[23] Valentina Emilia Balas et al. Stealing Neural Networks via Timing Side Channels, 2018, ArXiv.

[24] Rosario Cammarota et al. MaskedNet: A Pathway for Secure Inference against Power Side-Channel Attacks, 2019, ArXiv.

[25] Morten Dahl et al. Private Machine Learning in TensorFlow using Secure Computation, 2018, ArXiv.

[26] Ananthram Swami et al. Practical Black-Box Attacks against Machine Learning, 2016, AsiaCCS.

[27] Marcel Keller et al. Secure Evaluation of Quantized Neural Networks, 2019, IACR Cryptol. ePrint Arch.

[28] Pascal Paillier et al. Fast Homomorphic Evaluation of Deep Discretized Neural Networks, 2018, IACR Cryptol. ePrint Arch.

[29] Ankur Srivastava et al. Mitigating Reverse Engineering Attacks on Deep Neural Networks, 2019, 2019 IEEE Computer Society Annual Symposium on VLSI (ISVLSI).

[30] Ankur Srivastava et al. GANRED: GAN-based Reverse Engineering of DNNs via Cache Side-Channel, 2020, IACR Cryptol. ePrint Arch.

[31] Christophe Clavier et al. Correlation Power Analysis with a Leakage Model, 2004, CHES.

[32] Nicolas Le Scouarnec et al. Reverse Engineering Intel Last-Level Cache Complex Addressing Using Performance Counters, 2015, RAID.

[33] Chang Liu et al. DeepSniffer: A DNN Model Extraction Framework Based on Learning Architectural Hints, 2020, ASPLOS.

[34] Farinaz Koushanfar et al. XONN: XNOR-based Oblivious Deep Neural Network Inference, 2019, IACR Cryptol. ePrint Arch.

[35] Josep Torrellas et al. Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures, 2018, USENIX Security Symposium.

[36] Alex Krizhevsky et al. Learning Multiple Layers of Features from Tiny Images, 2009.

[37] Nael B. Abu-Ghazaleh et al. Rendered Insecure: GPU Side Channel Attacks are Practical, 2018, CCS.

[38] David Brumley et al. Remote timing attacks are practical, 2003, Comput. Networks.

[39] Giorgio Patrini et al. SEALion: a Framework for Neural Network Inference on Encrypted Data, 2019, ArXiv.

[40] Qiang Xu et al. Fault injection attack on deep neural network, 2017, 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[41] Hovav Shacham et al. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, 2009, CCS.

[42] Carlos V. Rozas et al. Innovative instructions and software model for isolated execution, 2013, HASP '13.

[43] Qi Xuan et al. Open DNN Box by Power Side-Channel Attack, 2019, IEEE Transactions on Circuits and Systems II: Express Briefs.

[44] Yuval Yarom et al. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack, 2014, USENIX Security Symposium.

[45] Jun Zhang et al. NPUFort: a secure architecture of DNN accelerator against model inversion attack, 2019, CF.

[46] Samuel Marchal et al. PRADA: Protecting Against DNN Model Stealing Attacks, 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[47] Constance Morel et al. Recognition Over Encrypted Faces, 2018, MSPN.

[48] Michael K. Reiter et al. Cross-Tenant Side-Channel Attacks in PaaS Clouds, 2014, CCS.

[49] Andrew Zisserman et al. Very Deep Convolutional Networks for Large-Scale Image Recognition, 2014, ICLR.

[50] Bo Luo et al. I Know What You See: Power Side-Channel Attack on Convolutional Neural Network Accelerators, 2018, ACSAC.

[51] Zhiru Zhang et al. GuardNN: Secure DNN Accelerator for Privacy-Preserving Deep Learning, 2020, ArXiv.