Reverse-engineering deep neural networks using floating-point timing side-channels

Reverse-engineering deep neural networks using floating-point timing side-channels

연구 분야: Analysis

학회: DAC '20: Proceedings of the 57th ACM/EDAC/IEEE Design Automation Conference

Trained Deep Neural Network (DNN) models have become valuable intellectual property. A new attack surface has emerged for DNNs: model reverse engineering. Several recent attempts have utilized various common side channels. However, recovering DNN parameters, weights and biases, remains a challenge. In this paper, we present a novel attack that utilizes a floating-point timing side channel to reverse-engineer parameters of multi-layer perceptron (MLP) models in software implementation, entirely and precisely. To the best of our knowledge, this is the first work that leverages a floating-point timing side-channel for effective DNN model recovery.