一种针对多核神经网络处理器的窃取攻击

随着神经网络的广泛应用，它自身的安全问题也成为了一个重要的研究课题。将神经网络部署到神经网络处理器上运行是提高能效比的有效方法，但同时也引入了一些新的安全问题，比如侧信道信息泄露，本文以多核CNN处理器为基础，利用时间和内存侧信道信息，提出了一种针对多核CNN处理器的用户算法信息窃取攻击方法，经过试验证明了攻击的有效性，并针对多核神经网络处理器在时间和内存侧信道方面的脆弱性，提出了有效的防御手段，对如何保护神经网络处理器的安全提供了一定的参考意义。

An Information-leakage Threat Case for Multi-core Neural Network Processor

With the widespread application of neural networks, its own security issues have also become an important research topic. Deploying a neural network to a neural network accelerator is an effective method to improve energy-efficiency, but it also introduces some new security issues, such as side-channel information leakage. Based on multi-core CNN accelerator, we proposed a model extraction attack by exploiting timing and memory side-channel information leakage. The results of the experiments demonstrate the effectiveness of the attack. Then we proposed effective defense methods for the vulnerability of multi-core neural network accelerators in terms of timing and memory side-channels. It provides some reference for how to protect the safety of neural network accelerators.