Slide deck (65 pages): The Devil is in the (Micro-)Architectures: Uncovering New Side-Channel and Bit-Flip Attack Surfaces in DNN Executables
#BHEU BlackHatEvents

Slide 1: The Devil is in the (Micro-)Architectures: Uncovering New Side-Channel and Bit-Flip Attack Surfaces in DNN Executables
Speakers: Yanzuo Chen, PhD at HKUST; Zhibo Liu, Postdoc at HKUST

Slide 2: Contributors
Yuanyuan Yuan, Postdoc at ETH; Shuai Wang, Associate Professor at HKUST; Tianxiang Li, Sihang Hu, Zhihui Lin, Security Researchers at CSI AI Red Team

Information Classification: General

Slide 3: The Age of AI
Machine Learning as a Service (MLaaS)

Slide 4: MLaaS
Run ML models in the cloud.
Actors: Service Provider, User, Cloud.
The private model is valuable property, e.g., its design and parameters.

Slide 5: Attacks Arising
Attacking objectives: model architectures, e.g., operator types and hyper-parameters.
Setting: (black-box) model, user, cloud; side channels.
Model architectures can be stolen.

Slide 6: Attacks Arising
Model architectures can enable various gray-box attacks, e.g., model stealing and bit-flip attacks.
Following attacks: model stealing; bit-flip attack (more on that later).

Slide 7: Meanwhile
Cloud service providers (e.g., Meta, AWS, and Google) are employing DNN compilation in resource-sharing environments for cost and profit reasons.
DL compilers: are DNN executables vulnerable to side-channel attacks?

Slide 8: Outline
Background: Deep Learning (DL) Compilation; DNN Executable
How to Steal Model Architectures: Cache Side-Channel
Making Models Do Bad Stuff: Bit-Flip Attack

Slide 9: DNN Executable
GPUs are expensive.
Running DNNs on cost-efficient devices is popular.
DL compilation techniques are proposed to speed up DNN inference.
Pipeline: Train, Compile, Deploy.