AdvHunter: Detecting Adversarial Perturbations in Black-Box Neural Networks through Hardware Performance Counters

Manaar Alam; Michail Maniatakos

doi:10.1145/3649329.3655682

AdvHunter: Detecting Adversarial Perturbations in Black-Box Neural Networks through Hardware Performance Counters

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The paper introduces AdvHunter, a novel strategy to detect adversarial examples (AEs) in Deep Neural Networks (DNNs). AdvHunter operates effectively in practical black-box scenarios, where only hard-label query access is available, a situation often encountered with proprietary DNNs. This differentiates it from existing defenses, which usually rely on white-box access or need to be integrated during the training phase - requirements often not feasible with proprietary DNNs. AdvHunter functions by monitoring data flow dynamics within the computational environment during the inference phase of DNNs. It utilizes Hardware Performance Counters to monitor microarchitectural activities and employs principles of Gaussian Mixture Models to detect AEs. Extensive evaluation across various datasets, DNN architectures, and adversarial perturbations demonstrate the effectiveness of AdvHunter.

Original language	English (US)
Title of host publication	Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9798400706011
DOIs	https://doi.org/10.1145/3649329.3655682
State	Published - Nov 7 2024
Event	61st ACM/IEEE Design Automation Conference, DAC 2024 - San Francisco, United States Duration: Jun 23 2024 → Jun 27 2024

Publication series

Name	Proceedings - Design Automation Conference
ISSN (Print)	0738-100X

Conference

Conference	61st ACM/IEEE Design Automation Conference, DAC 2024
Country/Territory	United States
City	San Francisco
Period	6/23/24 → 6/27/24

ASJC Scopus subject areas

Computer Science Applications
Control and Systems Engineering
Electrical and Electronic Engineering
Modeling and Simulation

Access to Document

10.1145/3649329.3655682

Cite this

Alam, M., & Maniatakos, M. (2024). AdvHunter: Detecting Adversarial Perturbations in Black-Box Neural Networks through Hardware Performance Counters. In Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024 Article 184 (Proceedings - Design Automation Conference). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1145/3649329.3655682

AdvHunter: Detecting Adversarial Perturbations in Black-Box Neural Networks through Hardware Performance Counters. / Alam, Manaar; Maniatakos, Michail.
Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024. Institute of Electrical and Electronics Engineers Inc., 2024. 184 (Proceedings - Design Automation Conference).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Alam, M & Maniatakos, M 2024, AdvHunter: Detecting Adversarial Perturbations in Black-Box Neural Networks through Hardware Performance Counters. in Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024., 184, Proceedings - Design Automation Conference, Institute of Electrical and Electronics Engineers Inc., 61st ACM/IEEE Design Automation Conference, DAC 2024, San Francisco, United States, 6/23/24. https://doi.org/10.1145/3649329.3655682

@inproceedings{2fd09264b2054c1e998111bb39a46fbf,

title = "AdvHunter: Detecting Adversarial Perturbations in Black-Box Neural Networks through Hardware Performance Counters",

abstract = "The paper introduces AdvHunter, a novel strategy to detect adversarial examples (AEs) in Deep Neural Networks (DNNs). AdvHunter operates effectively in practical black-box scenarios, where only hard-label query access is available, a situation often encountered with proprietary DNNs. This differentiates it from existing defenses, which usually rely on white-box access or need to be integrated during the training phase - requirements often not feasible with proprietary DNNs. AdvHunter functions by monitoring data flow dynamics within the computational environment during the inference phase of DNNs. It utilizes Hardware Performance Counters to monitor microarchitectural activities and employs principles of Gaussian Mixture Models to detect AEs. Extensive evaluation across various datasets, DNN architectures, and adversarial perturbations demonstrate the effectiveness of AdvHunter.",

author = "Manaar Alam and Michail Maniatakos",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.; 61st ACM/IEEE Design Automation Conference, DAC 2024 ; Conference date: 23-06-2024 Through 27-06-2024",

year = "2024",

month = nov,

day = "7",

doi = "10.1145/3649329.3655682",

language = "English (US)",

series = "Proceedings - Design Automation Conference",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024",

}

TY - GEN

T1 - AdvHunter

T2 - 61st ACM/IEEE Design Automation Conference, DAC 2024

AU - Alam, Manaar

AU - Maniatakos, Michail

PY - 2024/11/7

Y1 - 2024/11/7

N2 - The paper introduces AdvHunter, a novel strategy to detect adversarial examples (AEs) in Deep Neural Networks (DNNs). AdvHunter operates effectively in practical black-box scenarios, where only hard-label query access is available, a situation often encountered with proprietary DNNs. This differentiates it from existing defenses, which usually rely on white-box access or need to be integrated during the training phase - requirements often not feasible with proprietary DNNs. AdvHunter functions by monitoring data flow dynamics within the computational environment during the inference phase of DNNs. It utilizes Hardware Performance Counters to monitor microarchitectural activities and employs principles of Gaussian Mixture Models to detect AEs. Extensive evaluation across various datasets, DNN architectures, and adversarial perturbations demonstrate the effectiveness of AdvHunter.

AB - The paper introduces AdvHunter, a novel strategy to detect adversarial examples (AEs) in Deep Neural Networks (DNNs). AdvHunter operates effectively in practical black-box scenarios, where only hard-label query access is available, a situation often encountered with proprietary DNNs. This differentiates it from existing defenses, which usually rely on white-box access or need to be integrated during the training phase - requirements often not feasible with proprietary DNNs. AdvHunter functions by monitoring data flow dynamics within the computational environment during the inference phase of DNNs. It utilizes Hardware Performance Counters to monitor microarchitectural activities and employs principles of Gaussian Mixture Models to detect AEs. Extensive evaluation across various datasets, DNN architectures, and adversarial perturbations demonstrate the effectiveness of AdvHunter.

UR - http://www.scopus.com/inward/record.url?scp=85211117667&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85211117667&partnerID=8YFLogxK

U2 - 10.1145/3649329.3655682

DO - 10.1145/3649329.3655682

M3 - Conference contribution

AN - SCOPUS:85211117667

T3 - Proceedings - Design Automation Conference

BT - Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 23 June 2024 through 27 June 2024

ER -

AdvHunter: Detecting Adversarial Perturbations in Black-Box Neural Networks through Hardware Performance Counters

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this