SCA Strikes Back

Reverse Engineering Neural Network Architectures using Side Channels

Journal article (2022)

Authors

Lejla Batina Radboud Universiteit Nijmegen
Shivam Bhasin Nanyang Technological University
Dirmanto Jap Nanyang Technological University
S. Picek Cyber Security - EEMCS
Research Group
Cyber Security (EEMCS) (TU Delft)
Copyright: © 2022 Lejla Batina, Shivam Bhasin, Dirmanto Jap, S. Picek
DOI: https://doi.org/10.1109/MDAT.2021.3128436
Correlation Neurons Computer architecture Machine learning algorithms Timing Electromagnetics Biological neural networks
More Info
expand_more

Published Date

2022

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Department

Intelligent Systems

Research Group

Cyber Security

Abstract

This paper was selected for Top Picks in Hardware and Embedded Security 2020 and it presents a physical side-channel attack aiming at reverse engineering neural networks implemented on an edge device. The attack does not need access to training data and allows for neural network recovery by feeding known random inputs. We successfully reverse engineer information about layers, neurons, activation functions, and weights associated with neurons. This attack opens a new door in the domain of security of neural networks. Follow-up works by other researchers have shown this attack to be applicable for various settings and difficult to protect against.