Inferring DNN layer-types through a Hardware Performance Counters based Side Channel Attack
Kumar, Bhargav Achary Dandpati and Teja R, Sai Chandra and Mittal, Sparsh and Panda, Biswabandan and Mohan, C Krishna (2021) Inferring DNN layer-types through a Hardware Performance Counters based Side Channel Attack. In: 1st International Conference on AI-ML-Systems, AIMLSystems 2021, 21 October 2021 through 23 October 2021, Virtual, Online.
Text: ACM_International.pdf - Published Version (restricted to registered users, 866kB)
Abstract
Recent trends in the use of deep neural networks (DNNs) in mission-critical applications have increased the threat of microarchitectural attacks on DNN models. Recently, researchers have proposed techniques for inferring the DNN model based on microarchitecture-level clues. However, existing techniques require prior knowledge of the victim model, lack generality, or provide incomplete information about the victim model's architecture. This paper proposes an attack that leaks the layer-types of DNNs using hardware performance monitoring counters (PMCs). Our attack works by profiling low-level hardware events and then analyzing this data using machine learning algorithms. We also apply techniques for removing the class imbalance in the PMC traces and for removing noise. We present microarchitectural insights (hardware PMCs such as cache accesses/misses, branch instructions, and total instructions) that correlate with the characteristics of DNN layers. The extracted models are also helpful for crafting adversarial inputs. Our attack does not require any prior knowledge of the DNN architecture and still infers the layer-types of the DNN with high accuracy (above 90%). We have released the traces for public use at https://github.com/bhargavarch/DNN_RevEngg_PMC_Dataset. © 2021 ACM.
| Field | Value |
|---|---|
| IITH Creators: | |
| Item Type: | Conference or Workshop Item (Paper) |
| Uncontrolled Keywords: | deep neural networks; hardware performance counters; privacy; reverse engineering; side channel |
| Subjects: | Computer science |
| Divisions: | Department of Computer Science & Engineering |
| Depositing User: | . LibTrainee 2021 |
| Date Deposited: | 29 Aug 2022 11:17 |
| Last Modified: | 29 Aug 2022 11:17 |
| URI: | http://raiithold.iith.ac.in/id/eprint/10326 |
| Publisher URL: | http://doi.org/10.1145/3486001.3486224 |
| Related URLs: | |