
Open DNN Box by Power Side-Channel Attack

Deep neural networks are becoming popular and important assets of many AI companies. However, recent studies indicate that they are also vulnerable to adversarial attacks. Adversarial attacks can be either white-box or black-box. The white-box attacks assume full knowledge of the models while the bl...

Bibliographic Details
Published in: IEEE transactions on circuits and systems. II, Express briefs, 2020-11, Vol.67 (11), p.2717-2721
Main Authors: Xiang, Yun, Chen, Zhuangzhi, Chen, Zuohui, Fang, Zebin, Hao, Haiyang, Chen, Jinyin, Liu, Yi, Wu, Zhefu, Xuan, Qi, Yang, Xiaoniu
Format: Article
Language: English
container_end_page 2721
container_issue 11
container_start_page 2717
container_title IEEE transactions on circuits and systems. II, Express briefs
container_volume 67
creator Xiang, Yun
Chen, Zhuangzhi
Chen, Zuohui
Fang, Zebin
Hao, Haiyang
Chen, Jinyin
Liu, Yi
Wu, Zhefu
Xuan, Qi
Yang, Xiaoniu
description Deep neural networks are becoming popular and important assets of many AI companies. However, recent studies indicate that they are also vulnerable to adversarial attacks. Adversarial attacks can be either white-box or black-box. The white-box attacks assume full knowledge of the models while the black-box ones assume none. In general, revealing more internal information can enable much more powerful and efficient attacks. However, in most real-world applications, the internal information of embedded AI devices is unavailable. Therefore, in this brief, we propose a side-channel information based technique to reveal the internal information of black-box models. Specifically, we have made the following contributions: (1) different from previous works, we use side-channel information to reveal internal network architecture in embedded devices; (2) we construct models for internal parameter estimation that no research has been reached yet; and (3) we validate our methods on real-world devices and applications. The experimental results show that our method can achieve 96.50% accuracy on average. Such results suggest that we should pay strong attention to the security problem of many AI devices, and further propose corresponding defensive strategies in the future.
doi_str_mv 10.1109/TCSII.2020.2973007
format article
identifier ISSN: 1549-7747
ispartof IEEE transactions on circuits and systems. II, Express briefs, 2020-11, Vol.67 (11), p.2717-2721
issn 1549-7747
1558-3791
language eng
recordid cdi_ieee_primary_9000972
source IEEE Electronic Library (IEL) Journals
subjects adversarial attacks
Artificial intelligence
Artificial neural networks
Circuits and systems
Computational modeling
Computer architecture
Deep learning
Electronic devices
Embedded systems
machine learning
Mathematical models
model identification
Neurons
Parameter estimation
Power demand
Security
side-channel attack
title Open DNN Box by Power Side-Channel Attack