{"title":"Neural Network Stealing via Meltdown","authors":"Hoyong Jeong, Dohyun Ryu, Junbeom Hur","doi":"10.1109/ICOIN50884.2021.9333926","DOIUrl":null,"url":null,"abstract":"Deep learning services are now deployed in various fields on top of cloud infrastructures. In such a cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multitenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep learning service with 92.875% accuracy and 1.325kB/s extraction speed.","PeriodicalId":6741,"journal":{"name":"2021 International Conference on Information Networking (ICOIN)","volume":"114 1","pages":"36-38"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Information Networking (ICOIN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOIN50884.2021.9333926","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}