I Know What You See: Power Side-Channel Attack on Convolutional Neural Network Accelerators

Add code
Mar 05, 2018
Lingxiao Wei, Yannan Liu, Bo Luo, Yu Li, Qiang Xu
Figure 1 for I Know What You See: Power Side-Channel Attack on Convolutional Neural Network Accelerators
Figure 2 for I Know What You See: Power Side-Channel Attack on Convolutional Neural Network Accelerators
Figure 3 for I Know What You See: Power Side-Channel Attack on Convolutional Neural Network Accelerators
Figure 4 for I Know What You See: Power Side-Channel Attack on Convolutional Neural Network Accelerators

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Deep learning has become the de-facto computational paradigm for various kinds of perception problems, including many privacy-sensitive applications such as online medical image analysis. No doubt to say, the data privacy of these deep learning systems is a serious concern. Different from previous research focusing on exploiting privacy leakage from deep learning models, in this paper, we present the first attack on the implementation of deep learning models. To be specific, we perform the attack on an FPGA-based convolutional neural network accelerator and we manage to recover the input image from the collected power traces without knowing the detailed parameters in the neural network by utilizing the characteristics of the "line buffer" performing convolution in the CNN accelerators. For the MNIST dataset, our power side-channel attack is able to achieve up to 89% recognition accuracy.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon