一种针对多核神经网络处理器的窃取攻击

高成思; 陈维伟; 王颖

引用本文：

高成思,陈维伟,王颖.一种针对多核神经网络处理器的窃取攻击[J].信息安全学报,2020,5(3):23-34 [点击复制]
GAO Chengsi,CHEN Weiwei,WANG Ying.An Information-leakage Threat Case for Multi-core Neural Network Processor[J].Journal of Cyber Security,2020,5(3):23-34 [点击复制]

本文已被：浏览 6257次下载 5423次	码上扫一扫！
一种针对多核神经网络处理器的窃取攻击
高成思^1,2, 陈维伟^1,2, 王颖¹
0 字体:加大+\|默认\|缩小-
(1.中国科学院计算技术研究所, 北京中国 100190;2.中国科学院大学, 北京中国 100049)

摘要:

随着神经网络的广泛应用，它自身的安全问题也成为了一个重要的研究课题。将神经网络部署到神经网络处理器上运行是提高能效比的有效方法，但同时也引入了一些新的安全问题，比如侧信道信息泄露，本文以多核CNN处理器为基础，利用时间和内存侧信道信息，提出了一种针对多核CNN处理器的用户算法信息窃取攻击方法，经过试验证明了攻击的有效性，并针对多核神经网络处理器在时间和内存侧信道方面的脆弱性，提出了有效的防御手段，对如何保护神经网络处理器的安全提供了一定的参考意义。

关键词: 神经网络 CNN处理器多核侧信道模型窃取

DOI：10.19363/J.cnki.cn10-1380/tn.2020.05.03

投稿时间：2020-02-02修订日期：2020-04-24

基金项目:本课题得到国家自然基金（No.61876173）和中国科学院战略性先导专项项目（No.XDC05030201）资助。

An Information-leakage Threat Case for Multi-core Neural Network Processor

GAO Chengsi^1,2, CHEN Weiwei^1,2, WANG Ying¹

(1.Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China;2.University of Chinese Academy of Sciences, Beijing 100049, China)

Abstract:

With the widespread application of neural networks, its own security issues have also become an important research topic. Deploying a neural network to a neural network accelerator is an effective method to improve energy-efficiency, but it also introduces some new security issues, such as side-channel information leakage. Based on multi-core CNN accelerator, we proposed a model extraction attack by exploiting timing and memory side-channel information leakage. The results of the experiments demonstrate the effectiveness of the attack. Then we proposed effective defense methods for the vulnerability of multi-core neural network accelerators in terms of timing and memory side-channels. It provides some reference for how to protect the safety of neural network accelerators.

Key words: neural network convolution neural network accelerator multi-core side-channel model extraction attack