DeepPeep
ACM Journal on Emerging Technologies in Computing Systems (IF 2.2), Pub Date: 2020-10-28, DOI: 10.1145/3414552
Nandan Kumar Jha 1, Sparsh Mittal 2, Binod Kumar 3, Govardhan Mattela 1

The remarkable predictive performance of deep neural networks (DNNs) has led to their adoption in service domains of unprecedented scale and scope. However, the widespread adoption and growing commercialization of DNNs have underscored the importance of intellectual property (IP) protection. Devising techniques to ensure IP protection has become necessary due to the increasing trend of outsourcing the DNN computations on the untrusted accelerators in cloud-based services. The design methodologies and hyper-parameters of DNNs are crucial information, and leaking them may cause massive economic loss to the organization. Furthermore, the knowledge of DNN’s architecture can increase the success probability of an adversarial attack where an adversary perturbs the inputs and alters the prediction. In this work, we devise a two-stage attack methodology “DeepPeep,” which exploits the distinctive characteristics of design methodologies to reverse-engineer the architecture of building blocks in compact DNNs. We show the efficacy of “DeepPeep” on P100 and P4000 GPUs. Additionally, we propose intelligent design maneuvering strategies for thwarting IP theft through the DeepPeep attack and propose “Secure MobileNet-V1.” Interestingly, compared to vanilla MobileNet-V1, secure MobileNet-V1 provides a significant reduction in inference latency (≈60%) and improvement in predictive performance (≈2%) with very low memory and computation overheads.

Updated: 2020-10-28