CNN architecture extraction on edge GPU

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F24%3A00135461" target="_blank" >RIV/00216224:14330/24:00135461 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1007/978-3-031-61486-6_10" target="_blank" >http://dx.doi.org/10.1007/978-3-031-61486-6_10</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-031-61486-6_10" target="_blank" >10.1007/978-3-031-61486-6_10</a>

Jazyk výsledku

angličtina

Název v původním jazyce

CNN architecture extraction on edge GPU

Popis výsledku v původním jazyce

Neural networks have become popular due to their versatility and state-of-the-art results in many applications, such as image classification, natural language processing, speech recognition, forecasting, etc. These applications are also used in resource-constrained environments such as embedded devices. In this work, the susceptibility of neural network implementations to reverse engineering is explored on the NVIDIA Jetson Nano microcomputer via side-channel analysis. To this end, an architecture extraction attack is presented. In the attack, 15 popular convolutional neural network architectures (EfficientNets, MobileNets, NasNet, etc.) are implemented on the GPU of Jetson Nano and the electromagnetic radiation of the GPU is analyzed during the inference operation of the neural networks. The results of the analysis show that neural network architectures are easily distinguishable using deep learning-based side-channel analysis.

Název v anglickém jazyce

CNN architecture extraction on edge GPU

Popis výsledku anglicky

Neural networks have become popular due to their versatility and state-of-the-art results in many applications, such as image classification, natural language processing, speech recognition, forecasting, etc. These applications are also used in resource-constrained environments such as embedded devices. In this work, the susceptibility of neural network implementations to reverse engineering is explored on the NVIDIA Jetson Nano microcomputer via side-channel analysis. To this end, an architecture extraction attack is presented. In the attack, 15 popular convolutional neural network architectures (EfficientNets, MobileNets, NasNet, etc.) are implemented on the GPU of Jetson Nano and the electromagnetic radiation of the GPU is analyzed during the inference operation of the neural networks. The results of the analysis show that neural network architectures are easily distinguishable using deep learning-based side-channel analysis.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Artificial Intelligence in Hardware Security (AIHWS) Workshop (Satellite Workshops held in parallel with the 22nd International Conference on Applied Cryptography and Network Security, ACNS 2024)

ISBN

9783031614859

ISSN

0302-9743

e-ISSN

1611-3349

Počet stran výsledku

18

Strana od-do

158-175

Název nakladatele

Springer

Místo vydání

Abu Dhabi

Místo konání akce

Abu Dhabi

Datum konání akce

1. 1. 2024

Typ akce podle státní příslušnosti

CST - Celostátní akce

Kód UT WoS článku

001285569600010