Please use this identifier to cite or link to this item:
https://hdl.handle.net/10356/156094
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Won, Yoo-Seung | en_US |
dc.contributor.author | Chatterjee, Soham | en_US |
dc.contributor.author | Jap, Dirmanto | en_US |
dc.contributor.author | Basu, Arindam | en_US |
dc.contributor.author | Bhasin, Shivam | en_US |
dc.date.accessioned | 2022-04-07T05:27:34Z | - |
dc.date.available | 2022-04-07T05:27:34Z | - |
dc.date.issued | 2021 | - |
dc.identifier.citation | Won, Y., Chatterjee, S., Jap, D., Basu, A. & Bhasin, S. (2021). DeepFreeze : cold boot attacks and high fidelity model recovery on commercial EdgeML device. 2021 IEEE/ACM International Conference On Computer Aided Design (ICCAD), 1-9. https://dx.doi.org/10.1109/ICCAD51958.2021.9643512 | en_US |
dc.identifier.isbn | 9781665445078 | - |
dc.identifier.uri | https://hdl.handle.net/10356/156094 | - |
dc.description.abstract | EdgeML accelerators like Intel Neural Compute Stick 2 (NCS) can enable efficient edge-based inference with complex pre-trained models. The models are loaded in the host (like Raspberry Pi) and then transferred to NCS for inference. In this paper, we demonstrate practical and low-cost cold boot based model recovery attacks on NCS to recover the model architecture and weights, loaded from the Raspberry Pi. The architecture is recovered with 100% success and weights with an error rate of 0.04%. The recovered model reports maximum accuracy loss of 0.5% as compared to original model and allows high fidelity transfer of adversarial examples. We further extend our study to other cold boot attack setups reported in the literature with higher error rates leading to accuracy loss as high as 70%. We then propose a methodology based on knowledge distillation to correct the erroneous weights in recovered model, even without access to original training data. The proposed attack remains unaffected by the model encryption features of the OpenVINO and NCS framework. | en_US |
dc.description.sponsorship | National Research Foundation (NRF) | en_US |
dc.language.iso | en | en_US |
dc.relation | NRF2018NCR- NCR009-0001 | en_US |
dc.rights | © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/ICCAD51958.2021.9643512. | en_US |
dc.subject | Engineering::Electrical and electronic engineering::Computer hardware, software and systems | en_US |
dc.title | DeepFreeze : cold boot attacks and high fidelity model recovery on commercial EdgeML device | en_US |
dc.type | Conference Paper | en |
dc.contributor.school | School of Electrical and Electronic Engineering | en_US |
dc.contributor.conference | 2021 IEEE/ACM International Conference On Computer Aided Design (ICCAD) | en_US |
dc.contributor.research | Temasek Laboratories @ NTU | en_US |
dc.identifier.doi | 10.1109/ICCAD51958.2021.9643512 | - |
dc.description.version | Submitted/Accepted version | en_US |
dc.identifier.scopus | 2-s2.0-85124155429 | - |
dc.identifier.spage | 1 | en_US |
dc.identifier.epage | 9 | en_US |
dc.subject.keywords | Cold Boot Attack | en_US |
dc.subject.keywords | EdgeML | en_US |
dc.citation.conferencelocation | Munich, Germany | en_US |
dc.description.acknowledgement | This research is supported by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme / Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (Award: NRF2018NCR- NCR009-0001) | en_US |
item.fulltext | With Fulltext | - |
item.grantfulltext | open | - |
Appears in Collections: | EEE Conference Papers TL Conference Papers |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
_2021_ICCAD__CBA_for_Edge_ML (2).pdf | 3.48 MB | Adobe PDF | View/Open |
SCOPUSTM
Citations
50
6
Updated on Mar 26, 2024
Page view(s)
181
Updated on Mar 28, 2024
Download(s) 50
63
Updated on Mar 28, 2024
Google ScholarTM
Check
Altmetric
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.