SNATCH: Stealing Neural Network Architecture from ML Accelerator in Intelligent Sensors
Main Authors: | , , , , |
---|---|
Format: | Conference Proceeding |
Language: | English |
Summary: | The use of Machine Learning (ML) models executing on ML Accelerators (MLA) in intelligent sensors for feature extraction has garnered substantial interest. The Neural Network (NN) architectures implemented on MLAs are intellectual property of the vendors. Along with improved power-efficiency and reduced bandwidth, the hardware-based ML models embedded in the sensor also provide additional security against cyber-attacks on the ML. In this paper, we introduce an attack referred to as SNATCH which uses a profiling-based side channel attack (SCA) that aims to steal the NN architecture executing on a digital MLA (Deep Learning Processing Unit (DPU) IP by Xilinx). We use electromagnetic side channel leakage from a clone device to create a profiler and then attack the victim's device to steal the NN architecture. Stealing the ML model undermines the intellectual property rights of the vendors of a sensor. Further, it also allows an adversary to mount critical Denial of Service and misuse attacks. |
ISSN: | 2168-9229 |
DOI: | 10.1109/SENSORS56945.2023.10324872 |