SCA Strikes Back: Reverse Engineering Neural Network Architectures using Side Channels

Lejla Batina, Shivam Bhasin, Dirmanto Jap, Stjepan Picek

Research output: Contribution to journalArticleScientificpeer-review

1 Citation (Scopus)
83 Downloads (Pure)

Abstract

This paper was selected for Top Picks in Hardware and Embedded Security 2020 and it presents a physical side-channel attack aiming at reverse engineering neural networks implemented on an edge device. The attack does not need access to training data and allows for neural network recovery by feeding known random inputs. We successfully reverse engineer information about layers, neurons, activation functions, and weights associated with neurons. This attack opens a new door in the domain of security of neural networks. Follow-up works by other researchers have shown this attack to be applicable for various settings and difficult to protect against.

Original languageEnglish
Article number9615240
Pages (from-to)7-14
Number of pages8
JournalIEEE Design and Test
Volume39
Issue number4
DOIs
Publication statusPublished - 2022

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

  • Biological neural networks
  • Computer architecture
  • Correlation
  • Electromagnetics
  • Machine learning algorithms
  • Neurons
  • Timing

Fingerprint

Dive into the research topics of 'SCA Strikes Back: Reverse Engineering Neural Network Architectures using Side Channels'. Together they form a unique fingerprint.

Cite this