DeepPeep: Exploiting Design Ramifications to Decipher the Architecture of Compact DNNs

Jha, Nandan Kumar and Mittal, Sparsh and Kumar, Binod and et al, . (2020) DeepPeep: Exploiting Design Ramifications to Decipher the Architecture of Compact DNNs. ACM Journal on Emerging Technologies in Computing Systems, 17 (1). pp. 1-25. ISSN 1550-4832

[img] Text
Computing_Systems.pdf - Published Version
Restricted to Registered users only

Download (2MB) | Request a copy

Abstract

The remarkable predictive performance of deep neural networks (DNNs) has led to their adoptionin service domains of unprecedented scale and scope. However, the widespread adoption and growing commercialization of DNNs have underscored the importance of intellectual property (IP) protection. Devising techniques to ensure IP protection has become necessary due to the increasing trend of outsourcing the DNN computations on the untrusted accelerators in cloud-based services. The design methodologies and hyper-parameters of DNNs are crucial information, and leaking them may cause massive economic loss to the organization. Furthermore, the knowledge of DNN's architecture can increase the success probability of an adversarial attack where an adversary perturbs the inputs and alters the prediction. In this work, we devise a two-stage attack methodology "DeepPeep,"which exploits the distinctive characteristics of design methodologies to reverse-engineer the architecture of building blocks in compact DNNs. We show the efficacy of "DeepPeep"on P100 and P4000 GPUs. Additionally, we propose intelligent design maneuvering strategies for thwarting IP theft through the DeepPeep attack and proposed "Secure MobileNet-V1."Interestingly, compared tovanilla MobileNet-V1, secure MobileNet-V1 provides a significant reduction in inference latency (≈60%) and improvement in predictive performance (≈2%) with very low memory and computation overheads. © 2020 ACM.

[error in script]
IITH Creators:
IITH CreatorsORCiD
Item Type: Article
Additional Information: Support for this work was provided by Semiconductor Research Corporation. Authors’ addresses: N. K. Jha and G. Mattela, Indian Institute of Technology Hyderabad, Kandi, Sangareddy, Telangana, 502285, India; emails: {cs17mtech11010, cs18mds11034}@iith.ac.in; S. Mittal, Indian Institute of Technology Roorkee, Roor-kee, Uttarakhand, 247667, India; email: sparshfec@iitr.ac.in; B. Kumar, Indian Institute of Technology Bombay, Powai, Mumbai, Maharashtra, 400076, India; email: binodkumar@ee.iitb.ac.in. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. © 2020 Association for Computing Machinery. 1550-4832/2020/10-ART5 $15.00 https://doi.org/10.1145/3414552
Uncontrolled Keywords: Deep neural networks; intellectual property; side-channel attacks
Subjects: Computer science
Divisions: Department of Computer Science & Engineering
Depositing User: . LibTrainee 2021
Date Deposited: 29 Oct 2022 07:58
Last Modified: 29 Oct 2022 07:58
URI: http://raiith.iith.ac.in/id/eprint/11094
Publisher URL: http://doi.org/10.1145/3414552
OA policy: https://v2.sherpa.ac.uk/id/publication/10663
Related URLs:

Actions (login required)

View Item View Item
Statistics for RAIITH ePrint 11094 Statistics for this ePrint Item