In-memory computing (IMC) systems have great potential for accelerating
data-intensive tasks such as deep neural networks (DNNs). As DNN models are
generally highly proprietary, the neural network architectures become valuable
targets for attacks. In IMC systems, since the whole model is mapped on chip
and weight memory read can be restricted, the pre-mapped DNN model acts as a
“black box” for users. However, the localized and stationary weight and data
patterns may subject IMC systems to other attacks. In this paper, we propose a
side-channel attack methodology on IMC architectures. We show that it is
possible to extract model architectural information from power trace
measurements without any prior knowledge of the neural network. We first
developed a simulation framework that can emulate the dynamic power traces of
the IMC macros. We then performed side-channel leakage analysis to reverse
engineer model information such as the stored layer type, layer sequence,
output channel/feature size and convolution kernel size from power traces of
the IMC macros. Based on the extracted information, full networks can
potentially be reconstructed without any knowledge of the neural network.
Finally, we discuss potential countermeasures for building IMC systems that
offer resistance to these model extraction attack.
Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!
More Stories
DCVC2 – A Golang Discord C2 Unlike Any Other
TMI! Finetuned Models Leak Private Information from their Pretraining Data. (arXiv:2306.01181v1 [cs.LG])
Federated Graph Learning for Low Probability of Detection in Wireless Ad-Hoc Networks. (arXiv:2306.01143v1 [cs.LG])