Neural Network Stealing via Meltdown

Hoyong Jeong, Dohyun Ryu, Junbeom Hur

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Deep learning services are now deployed in various fields on top of cloud infrastructures. In such a cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multitenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep learning service with 92.875% accuracy and 1.325kB/s extraction speed.

Original language: English
Title of host publication: 35th International Conference on Information Networking, ICOIN 2021
Publisher: IEEE Computer Society
Pages: 36-38
Number of pages: 3
ISBN (Electronic): 9781728191003
Publication status: Published - 2021 Jan 13
Event: 35th International Conference on Information Networking, ICOIN 2021 - Jeju Island, Korea, Republic of
Duration: 2021 Jan 13 to 2021 Jan 16

Publication series

Name: International Conference on Information Networking
Volume: 2021-January
ISSN (Print): 1976-7684

Conference

Conference: 35th International Conference on Information Networking, ICOIN 2021
Country/Territory: Korea, Republic of
City: Jeju Island
Period: 21/1/13 to 21/1/16

Keywords

  • Meltdown
  • cloud computing
  • deep learning
  • neural network stealing

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
