Cyber Security Seminar by Dr. Stjepan Picek: Recovering the Input of Artificial Neural Networks via Single Shot Side-channel Attacks

04 June 2019, 12:00 to 12:45 - Location: Faculty EEMCS Building 28, Turing Colloquium Room 0.E420

In recent years, the interplay between machine learning and security has become more prominent and more important for pervasive security applications. This follows naturally from the need to improve security in a more automated way. Still, new applications that use machine learning, such as autonomous vehicles, bring new risks, because machine learning is not designed to work in an adversarial setting. In this work, we show that it is possible to reverse-engineer the inputs to a neural network from only a single-shot measurement, assuming the attacker knows the neural network architecture being used. To this end, we consider a multilayer perceptron as the machine learning architecture of choice and assume a non-invasive, eavesdropping attacker capable of measuring only passive side-channel leakages such as power consumption, electromagnetic radiation, and reaction time.