We cordially invite you to the next CASA Distinguished Lecture Online on Tuesday, November 21.
When: 21.11.2023, 2 PM
Where: Building TZR ("MB"), Level 1, Room S-MO-104, Universitätsstraße 142, 44799 Bochum
Abstract. Deep Neural Networks (DNNs) are widely used for prediction and classification tasks. However, they are vulnerable to a variety of threats, including model extraction, evasion and inversion attacks. Model extraction attacks steal DNN models, which is a threat to intellectual property, data privacy, and security. We propose a novel DNN architecture extraction attack called EZClone, which uses aggregate GPU profiles as a side-channel information to reconstruct DNN model from an execution. We find that EZClone can correctly predict the architecture of all PyTorch vision architectures with 100% accuracy. This is the highest accuracy achieved by any attack with the same adversarial constraints using side-channel information. Prior work has shown that once a DNN has been successfully cloned, further attacks such as model evasion or model inversion can be accelerated significantly. This talk will also discuss side-channel leakage mitigation techniques.
Bio. Sandip Kundu is a Professor of Electrical and Computer Engineering at the University of Massachusetts Amherst. Until recently, he was also a program director at the National Science Foundation within the CISE directorate. Kundu began his career at IBM Research as a Research Staff Member; then worked at Intel Corporation as a Principal Engineer before joining UMass Amherst as a professor in 2005. He has published nearly 300 research papers in VLSI design and test, holds several key patents including ultra-drowsy sleep mode in processors, and has given more than a dozen tutorials at various conferences. He is a Fellow of the IEEE, Fellow of the Japan Society for Promotion of Science (JSPS), Senior International Scientist of the Chinese Academy of Sciences and was a Distinguished Visitor of the IEEE Computer Society. He has been an Associate Editor of the IEEE Transactions on Dependable and Secure Computing. Associate Editor of the IEEE Transactions on Computers, IEEE Transactions on VLSI Systems and ACM Transactions on Design Automation of Electronic Systems. He has been Technical Program Chair/General Chair of multiple conferences including ICCD, ATS, ISVLSI, DFTS and VLSI Design Conference.
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.