TY - GEN
T1 - Neural Network Stealing via Meltdown
AU - Jeong, Hoyong
AU - Ryu, Dohyun
AU - Hur, Junbeom
N1 - Funding Information:
This work was supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No.2019-0-00533, Research on CPU vulnerability detection and validation) (No.2019-0-01697, Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security) (IITP-2020-0-01819, ICT Creative Consilience program).
Publisher Copyright:
© 2021 IEEE.
PY - 2021/1/13
Y1 - 2021/1/13
N2 - Deep learning services are now deployed in various fields on top of cloud infrastructures. In such a cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multitenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep learning service with 92.875% accuracy and 1.325kB/s extraction speed.
AB - Deep learning services are now deployed in various fields on top of cloud infrastructures. In such a cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multitenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep learning service with 92.875% accuracy and 1.325kB/s extraction speed.
KW - Meltdown
KW - cloud computing
KW - deep learning
KW - neural network stealing
UR - http://www.scopus.com/inward/record.url?scp=85100740611&partnerID=8YFLogxK
U2 - 10.1109/ICOIN50884.2021.9333926
DO - 10.1109/ICOIN50884.2021.9333926
M3 - Conference contribution
AN - SCOPUS:85100740611
T3 - International Conference on Information Networking
SP - 36
EP - 38
BT - 35th International Conference on Information Networking, ICOIN 2021
PB - IEEE Computer Society
T2 - 35th International Conference on Information Networking, ICOIN 2021
Y2 - 13 January 2021 through 16 January 2021
ER -