
Research Article
DNN Architecture Attacks via Network and Power Side Channels
@INPROCEEDINGS{10.1007/978-3-031-64948-6_4,
  author={Yuanjun Dai and Qingzhe Guo and An Wang},
  title={DNN Architecture Attacks via Network and Power Side Channels},
  proceedings={Security and Privacy in Communication Networks. 19th EAI International Conference, SecureComm 2023, Hong Kong, China, October 19-21, 2023, Proceedings, Part I},
  proceedings_a={SECURECOMM},
  year={2024},
  month={10},
  keywords={},
  doi={10.1007/978-3-031-64948-6_4}
}
- Yuanjun Dai
- Qingzhe Guo
- An Wang
Year: 2024
SECURECOMM
Springer
DOI: 10.1007/978-3-031-64948-6_4
Abstract
The increasing complexity of machine learning models drives the emergence of Machine-Learning-as-a-Service (MLaaS) solutions provided by cloud service providers. With MLaaS, customers can leverage existing data center infrastructures for model training and inference. To improve training efficiency, modern machine learning platforms introduce communication optimization mechanisms, which can lead to information leakage. In this work, we present a network-side-channel-based attack to steal model-sensitive information. Specifically, we leverage the unique communication patterns during training to learn the model architectures. To further improve accuracy, we also collect information from software-based power side channels and correlate it with the information extracted from the network. Such temporal and spatial correlation helps reduce the search space of the target model architecture significantly. Through evaluations, we show that we can achieve more than 90% accuracy for model hyper-parameter reconstruction. We also demonstrate that our proposed attack is robust against background noise by evaluating with memory- and traffic-intensive co-located applications.