Neural Network Stealing via Meltdown

Hoyong Jeong; Dohyun Ryu; Junbeom Hur

doi:10.1109/ICOIN50884.2021.9333926

Neural Network Stealing via Meltdown

Hoyong Jeong, Dohyun Ryu, Junbeom Hur

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Deep learning services are now deployed in various fields on top of cloud infrastructures. In such cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multitenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep learning service with 92.875% accuracy and 1.325kB/s extraction speed.

Original language	English
Title of host publication	35th International Conference on Information Networking, ICOIN 2021
Publisher	IEEE Computer Society
Pages	36-38
Number of pages	3
ISBN (Electronic)	9781728191003
DOIs	https://doi.org/10.1109/ICOIN50884.2021.9333926
Publication status	Published - 2021 Jan 13
Event	35th International Conference on Information Networking, ICOIN 2021 - Jeju Island, Korea, Republic of Duration: 2021 Jan 13 → 2021 Jan 16

Publication series

Name	International Conference on Information Networking
Volume	2021-January
ISSN (Print)	1976-7684

Conference

Conference	35th International Conference on Information Networking, ICOIN 2021
Country/Territory	Korea, Republic of
City	Jeju Island
Period	21/1/13 → 21/1/16

Bibliographical note

Funding Information:
This work was supported by Institute of Information communications Technology Planning Evaluation (IITP) grant funded by the Korea government (MSIT) (No.2019-0-00533, Research on CPU vulnerability detection and validation) (No.2019-0-01697, Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security) (IITP-2020-0-01819, ICT Creative Consilience program).

Publisher Copyright:
© 2021 IEEE.

Keywords

Meltdown
cloud computing
deep learning
neural network stealing

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems

Access to Document

10.1109/ICOIN50884.2021.9333926

Cite this

Jeong, H, Ryu, D & Hur, J 2021, Neural Network Stealing via Meltdown. in 35th International Conference on Information Networking, ICOIN 2021., 9333926, International Conference on Information Networking, vol. 2021-January, IEEE Computer Society, pp. 36-38, 35th International Conference on Information Networking, ICOIN 2021, Jeju Island, Korea, Republic of, 21/1/13. https://doi.org/10.1109/ICOIN50884.2021.9333926

@inproceedings{6af51fb3973543508ac86aafa76622ed,

title = "Neural Network Stealing via Meltdown",

abstract = "Deep learning services are now deployed in various fields on top of cloud infrastructures. In such cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multitenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep learning service with 92.875% accuracy and 1.325kB/s extraction speed.",

keywords = "Meltdown, cloud computing, deep learning, neural network stealing",

author = "Hoyong Jeong and Dohyun Ryu and Junbeom Hur",

note = "Funding Information: This work was supported by Institute of Information communications Technology Planning Evaluation (IITP) grant funded by the Korea government (MSIT) (No.2019-0-00533, Research on CPU vulnerability detection and validation) (No.2019-0-01697, Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security) (IITP-2020-0-01819, ICT Creative Consilience program). Publisher Copyright: {\textcopyright} 2021 IEEE.; 35th International Conference on Information Networking, ICOIN 2021 ; Conference date: 13-01-2021 Through 16-01-2021",

year = "2021",

month = jan,

day = "13",

doi = "10.1109/ICOIN50884.2021.9333926",

language = "English",

series = "International Conference on Information Networking",

publisher = "IEEE Computer Society",

pages = "36--38",

booktitle = "35th International Conference on Information Networking, ICOIN 2021",

}

TY - GEN

T1 - Neural Network Stealing via Meltdown

AU - Jeong, Hoyong

AU - Ryu, Dohyun

AU - Hur, Junbeom

N1 - Funding Information: This work was supported by Institute of Information communications Technology Planning Evaluation (IITP) grant funded by the Korea government (MSIT) (No.2019-0-00533, Research on CPU vulnerability detection and validation) (No.2019-0-01697, Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security) (IITP-2020-0-01819, ICT Creative Consilience program). Publisher Copyright: © 2021 IEEE.

PY - 2021/1/13

Y1 - 2021/1/13

N2 - Deep learning services are now deployed in various fields on top of cloud infrastructures. In such cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multitenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep learning service with 92.875% accuracy and 1.325kB/s extraction speed.

AB - Deep learning services are now deployed in various fields on top of cloud infrastructures. In such cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multitenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep learning service with 92.875% accuracy and 1.325kB/s extraction speed.

KW - Meltdown

KW - cloud computing

KW - deep learning

KW - neural network stealing

UR - http://www.scopus.com/inward/record.url?scp=85100740611&partnerID=8YFLogxK

U2 - 10.1109/ICOIN50884.2021.9333926

DO - 10.1109/ICOIN50884.2021.9333926

M3 - Conference contribution

AN - SCOPUS:85100740611

T3 - International Conference on Information Networking

SP - 36

EP - 38

BT - 35th International Conference on Information Networking, ICOIN 2021

PB - IEEE Computer Society

T2 - 35th International Conference on Information Networking, ICOIN 2021

Y2 - 13 January 2021 through 16 January 2021

ER -

Neural Network Stealing via Meltdown

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this