Full metadata
Title
Enhancing and Evaluating Neural Network Extraction Through Floating Point Timing Side Channels
Description
The rise in popularity of applications and services that charge for access to proprietary trained models has led to increased interest in the robustness of these models and the security of the environments in which inference is conducted. State-of-the-art attacks extract models and generate adversarial examples by inferring relationships between a model’s input and output. Popular variants of these attacks have been shown to be deterred by countermeasures that poison predicted class distributions and mask class boundary gradients. Neural networks are also vulnerable to timing side-channel attacks. This work builds on top of Subneural, an attack framework that uses floating point timing side channels to extract neural structures. Novel applications of addition timing side channels are introduced, allowing the signs and arrangements of leaked parameters to be discerned more efficiently. Addition timing is also used to leak network biases, making the framework applicable to a wider range of targets. The enhanced framework is shown to be effective against models protected by prediction poisoning and gradient masking adversarial countermeasures and to be competitive with adaptive black box adversarial attacks against stateful defenses. Mitigations necessary to protect against floating-point timing side-channel attacks are also presented.
Date Created
2023
Contributors
- Vipat, Gaurav (Author)
- Shoshitaishvili, Yan (Thesis advisor)
- Doupe, Adam (Committee member)
- Srivastava, Siddharth (Committee member)
- Arizona State University (Publisher)
Topical Subject
Resource Type
Extent
63 pages
Language
eng
Copyright Statement
In Copyright
Primary Member of
Peer-reviewed
No
Open Access
No
Handle
https://hdl.handle.net/2286/R.2.N.190944
Level of coding
minimal
Cataloging Standards
Note
Partial requirement for: M.S., Arizona State University, 2023
Field of study: Computer Science
System Created
- 2023-12-14 01:55:39
System Modified
- 2023-12-14 01:55:44