Side channel attacks (SCAs) on neural networks (NNs) are particularly efficient for retrieving secret information from NNs. We differentiate multiple types of threat scenarios regarding what kind of information is available before the attack and its purpose: recovering hyperparameters (the architecture) of the targeted NN, its weights (parameters), or its inputs. In this survey article, we consider the most relevant attacks to extract the architecture of CNNs. We also categorize SCAs, depending on access with respect to the victim: physical, local, or remote. Attacks targeting the architecture via local SCAs are most common. As of today, physical access seems necessary to retrieve the weights of an NN. We notably describe cache attacks, which are local SCAs aiming to extract the NN's underlying architecture. Few countermeasures have emerged; these are presented at the end of the survey. This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.
Given oracle access to a Neural Network (NN), it is possible to extract its underlying model. Here we introduce a protection that adds parasitic layers, which leave the underlying NN mostly unchanged while complicating the task of reverse-engineering. Our countermeasure relies on approximating the identity mapping with a Convolutional NN. We explain why the introduction of new parasitic layers makes the attacks more complex. We report experiments regarding the performance and the accuracy of the protected NN.