Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/155678
Title: SNIFF : reverse engineering of neural networks with fault attacks
Authors: Breier, Jakub
Jap, Dirmanto
Hou, Xiaolu
Bhasin, Shivam
Liu, Yang
Keywords: Library and information science::Cryptography
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence
Engineering::Computer science and engineering::Hardware::Performance and reliability
Issue Date: 2021
Source: Breier, J., Jap, D., Hou, X., Bhasin, S. & Liu, Y. (2021). SNIFF : reverse engineering of neural networks with fault attacks. IEEE Transactions On Reliability. https://dx.doi.org/10.1109/TR.2021.3105697
Project: NRF2018NCR-NCR002-0001 
SASPRO 2 COFUND (Grant 945478) 
Journal: IEEE Transactions on Reliability 
Abstract: Neural networks have been shown to be vulnerable against fault injection attacks. These attacks change the physical behavior of the device during the computation, resulting in a change of value that is currently being computed. They can be realized by various techniques, ranging from clock/voltage glitching to application of lasers to rowhammer. Previous works have mostly explored fault attacks for output misclassification, thus affecting the reliability of neural networks. In this article, we investigate the possibility to reverse engineer neural networks with fault attacks. Sign bit flip fault attack enables the reverse engineering by changing the sign of intermediate values. We develop the first exact extraction method on deep-layer feature extractor networks that provably allows the recovery of proprietary model parameters. Our experiments with Keras library show that the precision error for the parameter recovery for the tested networks is less than $10^{-13}$ with the usage of 64-bit floats, which improves the current state of the art by six orders of magnitude.
URI: https://hdl.handle.net/10356/155678
ISSN: 0018-9529
DOI: 10.1109/TR.2021.3105697
Rights: © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/TR.2021.3105697
Fulltext Permission: open
Fulltext Availability: With Fulltext
Appears in Collections: SCSE Journal Articles
TL Journal Articles

Files in This Item:
File: _IEEE_TREL__Reverse_Engineering_of_Neural_Networks_with_Fault_Attacks.pdf
Size: 1.5 MB
Format: Adobe PDF

Page view(s): 34 (updated on May 19, 2022)
Download(s): 11 (updated on May 19, 2022)

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.