Model Extraction and Adversarial Attacks on Neural Networks using Switching Power Information

06/15/2021
by Tommy Li, et al.

Artificial neural networks (ANNs) have gained significant popularity in the last decade for solving narrow AI problems in domains such as healthcare, transportation, and defense. As ANNs become more ubiquitous, it is imperative to understand their associated safety, security, and privacy vulnerabilities. Recently, it has been shown that ANNs are susceptible to a number of adversarial evasion attacks: inputs that cause the ANN to make high-confidence misclassifications despite being almost indistinguishable from the data used to train and test the network. This work explores to what degree finding these examples may be aided by side-channel information, specifically the switching power consumption of hardware implementations of ANNs. A black-box threat scenario is assumed, in which an attacker has access to the ANN hardware's inputs, outputs, and topology, but the trained model parameters are unknown. A surrogate model is then trained to have similar functional (i.e., input-output mapping) and switching power characteristics as the oracle (black-box) model. Our results indicate that including power consumption data increases the fidelity of the model extraction by up to 30 percent, based on a mean squared error comparison of the oracle and surrogate weights. However, the transferability of adversarial examples from the surrogate to the oracle model was not significantly affected.
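To make the extraction procedure concrete, the sketch below trains a surrogate against a simulated oracle using a combined loss: a functional term on the outputs plus a side-channel term that matches a switching-power proxy. This is a hypothetical illustration, not the paper's implementation: the MLP topology, the differentiable activity proxy (sum of absolute hidden activations standing in for measured switching power), and the weighting constant LAMBDA are all assumptions.

```python
# Hypothetical sketch of side-channel-assisted model extraction. Assumes a
# PyTorch MLP oracle whose topology is known and whose per-query switching
# power is approximated by a differentiable activity proxy.
import torch
import torch.nn as nn

class MLP(nn.Module):
    def __init__(self, in_dim=16, hidden=32, out_dim=4):
        super().__init__()
        self.fc1 = nn.Linear(in_dim, hidden)
        self.fc2 = nn.Linear(hidden, out_dim)

    def forward(self, x):
        h = torch.relu(self.fc1(x))
        # Return the output and an activity proxy standing in for
        # observed switching power (an assumption of this sketch).
        return self.fc2(h), h.abs().sum(dim=1)

torch.manual_seed(0)
oracle = MLP()  # stands in for the black-box hardware implementation
for p in oracle.parameters():
    p.requires_grad_(False)

surrogate = MLP()
opt = torch.optim.Adam(surrogate.parameters(), lr=1e-3)
LAMBDA = 0.1  # illustrative weight on the power-matching term

for step in range(2000):
    x = torch.randn(64, 16)            # attacker-chosen queries
    y_o, pwr_o = oracle(x)             # observed outputs and power trace
    y_s, pwr_s = surrogate(x)
    loss = (nn.functional.mse_loss(y_s, y_o)
            + LAMBDA * nn.functional.mse_loss(pwr_s, pwr_o))
    opt.zero_grad()
    loss.backward()
    opt.step()

# Fidelity metric from the abstract: mean squared error between the
# oracle and surrogate weight tensors.
with torch.no_grad():
    mse = sum(((po - ps) ** 2).mean()
              for po, ps in zip(oracle.parameters(), surrogate.parameters()))
    print(f"weight MSE: {mse.item():.4f}")
```

Transferability would then be assessed by crafting adversarial examples on the trained surrogate (e.g., with a gradient-based method such as FGSM) and measuring how often they also fool the oracle.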


