DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | Kim, Yongdae | - |
dc.contributor.advisor | 김용대 | - |
dc.contributor.author | Song, Changhun | - |
dc.date.accessioned | 2022-04-27T19:32:23Z | - |
dc.date.available | 2022-04-27T19:32:23Z | - |
dc.date.issued | 2021 | - |
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=957318&flag=dissertation | en_US |
dc.identifier.uri | http://hdl.handle.net/10203/296192 | - |
dc.description | Thesis (Master's) - Korea Advanced Institute of Science and Technology : Graduate School of Information Security, 2021.2,[iv, 26 p. :] | - |
dc.description.abstract | A Neural Processing Unit (NPU) is a processor for running machine learning efficiently on embedded devices. In comparison to CPUs and GPUs, research on NPUs has drawn less attention among security researchers. Some NPUs have adopted a new optimization technique called "zero-skipping", which skips all operations with zero-valued operands using a hardware circuit. This technique significantly increases the performance of the NPU by decreasing the processing time; however, there have been no studies investigating the side effects of such an optimization technique. Can an attacker steal useful information by exploiting the reduced time? To answer this question, we conduct a first study investigating the feasibility of a side-channel attack on NPUs with the zero-skipping feature. We investigate the relationship between the number of zero-valued operands and the output class in the binary classification model. For this, we conducted a series of experiments on several binary classification models based on neural networks such as CNN and ResNet v1 with the MNIST, CIFAR-10, and FVC_2000_DB4_B datasets. As a result, we discovered that extreme numbers of zero-valued operands, whether small or large, are highly biased toward a specific output class. From this observation, we propose an adversarial input generation algorithm and demonstrate the feasibility of a timing side-channel attack on NPUs with the zero-skipping feature. | - |
dc.language | eng | - |
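dc.publisher | Korea Advanced Institute of Science and Technology | - |
dc.subject | Machine Learning; Side Channel Attack; Neural Processing Unit; Adversarial Example; Hardware Security | - |
dc.subject | Machine learning; Timing side-channel attack; Neural processing unit; Adversarial example generation; Hardware security | - |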
dc.title | (An) adversarial side channel attack on neural processing unit | - |
dc.title.alternative | Timing side-channel attack on a processor dedicated to machine learning | - |
dc.type | Thesis(Master) | - |
dc.identifier.CNRN | 325007 | - |
dc.description.department | Korea Advanced Institute of Science and Technology : Graduate School of Information Security, | - |
dc.contributor.alternativeauthor | 송창훈 | - |