【打印本页】      【下载PDF全文】   查看/发表评论  下载PDF阅读器  关闭
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 6265次   下载 5431 本文二维码信息
码上扫一扫!
一种针对多核神经网络处理器的窃取攻击
高成思,陈维伟,王颖
分享到: 微信 更多
(中国科学院计算技术研究所, 北京 中国 100190;中国科学院大学, 北京 中国 100049)
摘要:
随着神经网络的广泛应用,它自身的安全问题也成为了一个重要的研究课题。将神经网络部署到神经网络处理器上运行是提高能效比的有效方法,但同时也引入了一些新的安全问题,比如侧信道信息泄露,本文以多核CNN处理器为基础,利用时间和内存侧信道信息,提出了一种针对多核CNN处理器的用户算法信息窃取攻击方法,经过试验证明了攻击的有效性,并针对多核神经网络处理器在时间和内存侧信道方面的脆弱性,提出了有效的防御手段,对如何保护神经网络处理器的安全提供了一定的参考意义。
关键词:  神经网络  CNN处理器  多核  侧信道  模型窃取
DOI:10.19363/J.cnki.cn10-1380/tn.2020.05.03
投稿时间:2020-02-02修订日期:2020-04-24
基金项目:本课题得到国家自然基金(No.61876173)和中国科学院战略性先导专项项目(No.XDC05030201)资助。
An Information-leakage Threat Case for Multi-core Neural Network Processor
GAO Chengsi,CHEN Weiwei,WANG Ying
Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China;University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
With the widespread application of neural networks, its own security issues have also become an important research topic. Deploying a neural network to a neural network accelerator is an effective method to improve energy-efficiency, but it also introduces some new security issues, such as side-channel information leakage. Based on multi-core CNN accelerator, we proposed a model extraction attack by exploiting timing and memory side-channel information leakage. The results of the experiments demonstrate the effectiveness of the attack. Then we proposed effective defense methods for the vulnerability of multi-core neural network accelerators in terms of timing and memory side-channels. It provides some reference for how to protect the safety of neural network accelerators.
Key words:  neural network  convolution neural network accelerator  multi-core  side-channel  model extraction attack