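Abstract:
With the widespread application of neural networks, their own security has become an important research topic. Deploying neural networks on neural network processors is an effective way to improve energy efficiency, but it also introduces new security problems, such as side-channel information leakage. Building on a multi-core CNN processor, this paper uses timing and memory side-channel information to propose an attack that steals user algorithm information from multi-core CNN processors, and experiments demonstrate the effectiveness of the attack. To address the vulnerability of multi-core neural network processors to timing and memory side channels, it also proposes effective defenses, providing a reference for how to protect the security of neural network processors.
Keywords: neural network; CNN processor; multi-core; side channel; model stealing
DOI: 10.19363/J.cnki.cn10-1380/tn.2020.05.03
Received: 2020-02-02; Revised: 2020-04-24
Funding: This work was supported by the National Natural Science Foundation of China (No. 61876173) and the Strategic Priority Research Program of the Chinese Academy of Sciences (No. XDC05030201).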
|
An Information-leakage Threat Case for Multi-core Neural Network Processor |
GAO Chengsi, CHEN Weiwei, WANG Ying
Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China; University of Chinese Academy of Sciences, Beijing 100049, China
Abstract: |
With the widespread application of neural networks, their own security issues have also become an important research topic. Deploying a neural network to a neural network accelerator is an effective method to improve energy efficiency, but it also introduces some new security issues, such as side-channel information leakage. Based on a multi-core CNN accelerator, we propose a model extraction attack that exploits timing and memory side-channel information leakage. The results of the experiments demonstrate the effectiveness of the attack. We then propose effective defense methods for the vulnerability of multi-core neural network accelerators in terms of timing and memory side channels. This provides some reference for how to protect the security of neural network accelerators.
Key words: neural network; convolution neural network accelerator; multi-core; side-channel; model extraction attack