Stealing Deep Learning Model Secret through Remote FPGA Side-channel Analysis
- Zhang, Yicheng
- Advisor(s): Al Faruque, Mohammad Abdullah
Abstract
Companies have extensively developed deep neural network (DNN) models for a wide range of applications. Developing a customized DNN model with great performance requires costly investment, and its structure (layers and hyper-parameters) is considered intellectual property and holds immense value. However, in this paper, we find that the model secret is vulnerable when a cloud-based FPGA accelerator executes it. We demonstrate an end-to-end attack based on remote power side-channel analysis and machine-learning-based secret inference against different DNN models. The evaluation results show that an attacker can reconstruct the layer and hyper-parameter sequence at over 90% accuracy using our method, significantly reducing their model development workload. We believe the threat presented by our attack is tangible, and new defense mechanisms should be developed against this threat.