A Model-Stealing Attack on Multi-core Neural Network Processors

Authors: GAO Chengsi, CHEN Weiwei, WANG Ying

Affiliation: Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China; University of Chinese Academy of Sciences, Beijing 100049, China; Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China; University of Chinese Academy of Sciences, Beijing 100049, China; Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China

Funding: This work was supported by the National Natural Science Foundation of China (No. 61876173) and the Strategic Priority Research Program of the Chinese Academy of Sciences (No. XDC05030201).

Abstract: With the widespread application of neural networks, their security has become an important research topic in its own right. Deploying a neural network on a neural network processor is an effective way to improve energy efficiency, but it also introduces new security problems, such as side-channel information leakage. Taking a multi-core CNN processor as the basis, this paper uses timing and memory side-channel information to propose an attack that steals the user's algorithm (model) information from a multi-core CNN processor. Experiments demonstrate the effectiveness of the attack. Targeting the vulnerability of multi-core neural network processors in the timing and memory side channels, effective defenses are then proposed, which offer a reference for how to protect the security of neural network processors.

Keywords: neural network; CNN processor; multi-core; side channel; model stealing

Received: 2020/2/2
Revised: 2020/4/24
An Information-leakage Threat Case for Multi-core Neural Network Processor

Authors: GAO Chengsi, CHEN Weiwei and WANG Ying

Affiliation: Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China; University of Chinese Academy of Sciences, Beijing 100049, China; Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China; University of Chinese Academy of Sciences, Beijing 100049, China; and Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China

Abstract: With the widespread application of neural networks, their own security issues have also become an important research topic. Deploying a neural network on a neural network accelerator is an effective method to improve energy efficiency, but it also introduces some new security issues, such as side-channel information leakage. Based on a multi-core CNN accelerator, we propose a model extraction attack that exploits timing and memory side-channel information leakage. The results of the experiments demonstrate the effectiveness of the attack. We then propose effective defense methods against the vulnerability of multi-core neural network accelerators in terms of timing and memory side channels. This provides a reference for how to protect the security of neural network accelerators.

Keywords: neural network; convolutional neural network accelerator; multi-core; side channel; model extraction attack