SCA Strikes Back
Reverse Engineering Neural Network Architectures using Side Channels
More Info
expand_more
expand_more
Abstract
This paper was selected for Top Picks in Hardware and Embedded Security 2020 and it presents a physical side-channel attack aiming at reverse engineering neural networks implemented on an edge device. The attack does not need access to training data and allows for neural network recovery by feeding known random inputs. We successfully reverse engineer information about layers, neurons, activation functions, and weights associated with neurons. This attack opens a new door in the domain of security of neural networks. Follow-up works by other researchers have shown this attack to be applicable for various settings and difficult to protect against.
Files
Top_Picks_CSI_NN_journal.pdf
(.pdf | 2.95 Mb)
Download not available
SCA_Strikes_Back_Reverse_Engin... (.pdf)
(.pdf | 1.43 Mb)
- Embargo expired in 01-07-2023