TY - GEN
T1 - Camo-DNN
T2 - 30th IEEE International Symposium on On-line Testing and Robust System Design, IOLTS 2024
AU - Ahmadi, Mahya Morid
AU - Alrahis, Lilas
AU - Sinanoglu, Ozgur
AU - Shafique, Muhammad
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Extracting the architecture of layers of a given deep neural network (DNN) through hardware-based side channels allows adversaries to steal its intellectual property and even launch powerful adversarial attacks on the target system. In this work, we propose Camo-DNN, an obfuscation method for DNNs that forces all the layers in a given network to have similar execution traces, preventing attack models from differentiating between the layers. Towards this, Camo-DNN performs various layer-obfuscation operations, e.g., layer branching, layer deepening, etc., to alter the run-time traces while maintaining the functionality. Camo-DNN deploys an evolutionary algorithm to find the best combination of obfuscation operations in terms of maximizing the security level while maintaining a user-provided latency overhead budget. Our experiments show that state-of-the-art side-channel architecture stealing attacks cannot extract the architecture of a DNN protected by Camo-DNN accurately. Further, we highlight that the adversarial attacks on our obfuscated DNNs are unsuccessful.
AB - Extracting the architecture of layers of a given deep neural network (DNN) through hardware-based side channels allows adversaries to steal its intellectual property and even launch powerful adversarial attacks on the target system. In this work, we propose Camo-DNN, an obfuscation method for DNNs that forces all the layers in a given network to have similar execution traces, preventing attack models from differentiating between the layers. Towards this, Camo-DNN performs various layer-obfuscation operations, e.g., layer branching, layer deepening, etc., to alter the run-time traces while maintaining the functionality. Camo-DNN deploys an evolutionary algorithm to find the best combination of obfuscation operations in terms of maximizing the security level while maintaining a user-provided latency overhead budget. Our experiments show that state-of-the-art side-channel architecture stealing attacks cannot extract the architecture of a DNN protected by Camo-DNN accurately. Further, we highlight that the adversarial attacks on our obfuscated DNNs are unsuccessful.
UR - http://www.scopus.com/inward/record.url?scp=85201399706&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85201399706&partnerID=8YFLogxK
U2 - 10.1109/IOLTS60994.2024.10616065
DO - 10.1109/IOLTS60994.2024.10616065
M3 - Conference contribution
AN - SCOPUS:85201399706
T3 - Proceedings - 2024 IEEE 30th International Symposium on On-line Testing and Robust System Design, IOLTS 2024
BT - Proceedings - 2024 IEEE 30th International Symposium on On-line Testing and Robust System Design, IOLTS 2024
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 3 July 2024 through 5 July 2024
ER -