Preventing Distillation-based Attacks on Neural Network IP

04/01/2022
by Mahdieh Grailoo, et al.

Neural networks (NNs) are already deployed in hardware today and have become valuable intellectual property (IP), since many hours are invested in their training and optimization. Attackers may therefore be interested in copying, reverse engineering, or even modifying this IP. Current practices in hardware obfuscation, including the widely studied logic locking technique, are insufficient to protect the actual IP of a well-trained NN: its weights. Simply hiding the weights behind a key-based scheme is inefficient (resource-hungry) and inadequate (attackers can exploit knowledge distillation). This paper proposes an intuitive method to poison the predictions in a way that prevents distillation-based attacks; this is the first work to consider such a poisoning approach in hardware-implemented NNs. The proposed technique obfuscates an NN so that an attacker cannot train a copy of the NN entirely or accurately. We elaborate a threat model that highlights the difference between random logic obfuscation and the obfuscation of NN IP. Based on this threat model, our security analysis shows that the poisoning successfully and significantly reduces the accuracy of the stolen NN model on various representative datasets. Moreover, the accuracy and prediction distributions of the protected NN are maintained, no functionality is disturbed, and no high overheads are incurred. Finally, we highlight that our proposed approach is flexible and does not require manipulation of the NN toolchain.

