Affiliation:
1. University of Florida, Gainesville, United States
Abstract
Convolutional Neural Networks (CNNs) are widely used in various domains, including image recognition, medical diagnosis and autonomous driving. Recent advances in dataflow-based CNN accelerators have enabled CNN inference in resource-constrained edge devices. These dataflow accelerators utilize inherent data reuse of convolution layers to process CNN models efficiently. Concealing the architecture of CNN models is critical for privacy and security. This article evaluates memory-based side-channel information to recover CNN architectures from dataflow-based CNN inference accelerators. The proposed attack exploits spatial and temporal data reuse of the dataflow mapping on CNN accelerators and architectural hints to recover the structure of CNN models. Experimental results demonstrate that our proposed side-channel attack can recover the structures of popular CNN models, namely, Lenet, Alexnet, VGGnet16, and YOLOv2.
Funder
National Science Foundation
Publisher
Association for Computing Machinery (ACM)
Reference47 articles.
1. Abien Fred Agarap. 2018. Deep learning using rectified linear units (ReLU). Retrieved from https://arXiv:1803.08375
2. Architecting a Secure Wireless Interconnect for Multichip Communication: An ML Approach
3. Lejla Batina Shivam Bhasin Dirmanto Jap and Stjepan Picek. 2019. CSI NN: Reverse engineering of neural network architectures through electromagnetic side channel. 28th USENIX Security Symposium (USENIX Security’19). 515–532.
4. TRESOR-HUNT
5. Anirban Chakraborty Manaar Alam Vishal Dey Anupam Chattopadhyay and Debdeep Mukhopadhyay. 2018. Adversarial attacks and defences: A survey. Retrieved from https://arXiv:1810.00069