Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/156094
Full metadata record
DC FieldValueLanguage
dc.contributor.authorWon, Yoo-Seungen_US
dc.contributor.authorChatterjee, Sohamen_US
dc.contributor.authorJap, Dirmantoen_US
dc.contributor.authorBasu, Arindamen_US
dc.contributor.authorBhasin, Shivamen_US
dc.date.accessioned2022-04-07T05:27:34Z-
dc.date.available2022-04-07T05:27:34Z-
dc.date.issued2021-
dc.identifier.citationWon, Y., Chatterjee, S., Jap, D., Basu, A. & Bhasin, S. (2021). DeepFreeze : cold boot attacks and high fidelity model recovery on commercial EdgeML device. 2021 IEEE/ACM International Conference On Computer Aided Design (ICCAD), 1-9. https://dx.doi.org/10.1109/ICCAD51958.2021.9643512en_US
dc.identifier.isbn9781665445078-
dc.identifier.urihttps://hdl.handle.net/10356/156094-
dc.description.abstractEdgeML accelerators like Intel Neural Compute Stick 2 (NCS) can enable efficient edge-based inference with complex pre-trained models. The models are loaded in the host (like Raspberry Pi) and then transferred to NCS for inference. In this paper, we demonstrate practical and low-cost cold boot based model recovery attacks on NCS to recover the model architecture and weights, loaded from the Raspberry Pi. The architecture is recovered with 100% success and weights with an error rate of 0.04%. The recovered model reports maximum accuracy loss of 0.5% as compared to original model and allows high fidelity transfer of adversarial examples. We further extend our study to other cold boot attack setups reported in the literature with higher error rates leading to accuracy loss as high as 70%. We then propose a methodology based on knowledge distillation to correct the erroneous weights in recovered model, even without access to original training data. The proposed attack remains unaffected by the model encryption features of the OpenVINO and NCS framework.en_US
dc.description.sponsorshipNational Research Foundation (NRF)en_US
dc.language.isoenen_US
dc.relationNRF2018NCR- NCR009-0001en_US
dc.rights© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/ICCAD51958.2021.9643512.en_US
dc.subjectEngineering::Electrical and electronic engineering::Computer hardware, software and systemsen_US
dc.titleDeepFreeze : cold boot attacks and high fidelity model recovery on commercial EdgeML deviceen_US
dc.typeConference Paperen
dc.contributor.schoolSchool of Electrical and Electronic Engineeringen_US
dc.contributor.conference2021 IEEE/ACM International Conference On Computer Aided Design (ICCAD)en_US
dc.contributor.researchTemasek Laboratories @ NTUen_US
dc.identifier.doi10.1109/ICCAD51958.2021.9643512-
dc.description.versionSubmitted/Accepted versionen_US
dc.identifier.scopus2-s2.0-85124155429-
dc.identifier.spage1en_US
dc.identifier.epage9en_US
dc.subject.keywordsCold Boot Attacken_US
dc.subject.keywordsEdgeMLen_US
dc.citation.conferencelocationMunich, Germanyen_US
dc.description.acknowledgementThis research is supported by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme / Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (Award: NRF2018NCR- NCR009-0001)en_US
item.fulltextWith Fulltext-
item.grantfulltextopen-
Appears in Collections:EEE Conference Papers
TL Conference Papers
Files in This Item:
File Description SizeFormat 
_2021_ICCAD__CBA_for_Edge_ML (2).pdf3.48 MBAdobe PDFThumbnail
View/Open

SCOPUSTM   
Citations 50

6
Updated on Mar 26, 2024

Page view(s)

181
Updated on Mar 28, 2024

Download(s) 50

63
Updated on Mar 28, 2024

Google ScholarTM

Check

Altmetric


Plumx

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.