Poster: Recovering the Input of Neural Networks via Single Shot Side-channel Attacks

Cited by: 14
Authors
Batina, Lejla [1]
Bhasin, Shivam [2]
Jap, Dirmanto [2]
Picek, Stjepan [3]
Affiliations
[1] Radboud Univ Nijmegen, Nijmegen, Netherlands
[2] Nanyang Technol Univ, Singapore, Singapore
[3] Delft Univ Technol, Delft, Netherlands
Source
PROCEEDINGS OF THE 2019 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'19) | 2019
Funding
National Research Foundation, Singapore;
Keywords
Neural networks; Side-channel analysis; Input recovery;
DOI
10.1145/3319535.3363280
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The interplay between machine learning and security is becoming more prominent. New applications using machine learning also bring new security risks. Here, we show it is possible to reverse engineer the inputs to a neural network with only a single-shot side-channel measurement assuming the attacker knows the neural network architecture being used.
Pages: 2657-2659
Number of pages: 3