Poster: Recovering the input of neural networks via single shot side-channel attacks

Lejla Batina; Shivam Bhasin; Dirmanto Jap; Stjepan Picek

doi:10.1145/3319535.3363280

Poster: Recovering the input of neural networks via single shot side-channel attacks

Lejla Batina, Shivam Bhasin, Dirmanto Jap, Stjepan Picek

Cyber Security

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

16 Citations (Scopus)

Abstract

The interplay between machine learning and security is becoming more prominent. New applications using machine learning also bring new security risks. Here, we show it is possible to reverse-engineer the inputs to a neural network with only a single-shot side-channel measurement assuming the attacker knows the neural network architecture being used.

Original language	English
Title of host publication	CCS '19
Subtitle of host publication	Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
Place of Publication	New York
Publisher	Association for Computing Machinery (ACM)
Pages	2657-2659
Number of pages	3
ISBN (Electronic)	978-1-4503-6747-9
DOIs	https://doi.org/10.1145/3319535.3363280
Publication status	Published - 2019
Event	26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019 - London, United Kingdom Duration: 11 Nov 2019 → 15 Nov 2019

Conference

Conference	26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019
Country/Territory	United Kingdom
City	London
Period	11/11/19 → 15/11/19

Keywords

Input recovery
Neural networks
Side-channel analysis

Access to Document

10.1145/3319535.3363280

Cite this

@inproceedings{084d602e38614e04b0d63fb198fc3418,

title = "Poster: Recovering the input of neural networks via single shot side-channel attacks",

abstract = "The interplay between machine learning and security is becoming more prominent. New applications using machine learning also bring new security risks. Here, we show it is possible to reverse-engineer the inputs to a neural network with only a single-shot side-channel measurement assuming the attacker knows the neural network architecture being used.",

keywords = "Input recovery, Neural networks, Side-channel analysis",

author = "Lejla Batina and Shivam Bhasin and Dirmanto Jap and Stjepan Picek",

year = "2019",

doi = "10.1145/3319535.3363280",

language = "English",

pages = "2657--2659",

booktitle = "CCS '19",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

note = "26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019 ; Conference date: 11-11-2019 Through 15-11-2019",

}

Batina, L, Bhasin, S, Jap, D & Picek, S 2019, Poster: Recovering the input of neural networks via single shot side-channel attacks. in CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery (ACM), New York, pp. 2657-2659, 26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, United Kingdom, 11/11/19. https://doi.org/10.1145/3319535.3363280

Poster: Recovering the input of neural networks via single shot side-channel attacks. / Batina, Lejla; Bhasin, Shivam; Jap, Dirmanto et al.
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York: Association for Computing Machinery (ACM), 2019. p. 2657-2659.

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Poster

T2 - 26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019

AU - Batina, Lejla

AU - Bhasin, Shivam

AU - Jap, Dirmanto

AU - Picek, Stjepan

PY - 2019

Y1 - 2019

N2 - The interplay between machine learning and security is becoming more prominent. New applications using machine learning also bring new security risks. Here, we show it is possible to reverse-engineer the inputs to a neural network with only a single-shot side-channel measurement assuming the attacker knows the neural network architecture being used.

AB - The interplay between machine learning and security is becoming more prominent. New applications using machine learning also bring new security risks. Here, we show it is possible to reverse-engineer the inputs to a neural network with only a single-shot side-channel measurement assuming the attacker knows the neural network architecture being used.

KW - Input recovery

KW - Neural networks

KW - Side-channel analysis

UR - http://www.scopus.com/inward/record.url?scp=85075935269&partnerID=8YFLogxK

U2 - 10.1145/3319535.3363280

DO - 10.1145/3319535.3363280

M3 - Conference contribution

AN - SCOPUS:85075935269

SP - 2657

EP - 2659

BT - CCS '19

PB - Association for Computing Machinery (ACM)

CY - New York

Y2 - 11 November 2019 through 15 November 2019

ER -

Poster: Recovering the input of neural networks via single shot side-channel attacks

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this