Peter Horvath

CR · 6 papers · 126 citations · Novelty 36% · AI Score 38

6 Papers

71.1 · CR · Mar 27
Kraken: Higher-order EM Side-Channel Attacks on DNNs in Near and Far Field

Peter Horvath, Ilia Shumailov, Lukasz Chmielewski et al. · deepmind

The multi-million dollar investment required for modern machine learning (ML) has made large ML models a prime target for theft. In response, the field of model stealing has emerged. Attacks based on physical side-channel information have shown that DNN model extraction is feasible, even on CUDA Cores in a GPU. For the first time, our work demonstrates parameter extraction on the specialized GPU's Tensor Core units, most commonly used GPU units nowadays due to their superior performance, via near-field physical side-channel attacks. Previous work targeted only the general-purpose CUDA Cores in the GPU, the functional units that have been part of the GPU since its inception. Our method is tailored to the GPU architecture to accurately estimate energy consumption and derive efficient attacks via Correlation Power Analysis (CPA). Furthermore, we provide an exploratory analysis of hyperparameter and weight leakage from LLMs in far field and demonstrate that the GPU's electromagnetic radiation leaks even 100 cm away through a glass obstacle.

LG · May 2, 2018 · Code
modAL: A modular active learning framework for Python

Tivadar Danka, Peter Horvath

modAL is a modular active learning framework for Python, aimed to make active learning research and practice simpler. Its distinguishing features are (i) clear and modular object oriented design (ii) full compatibility with scikit-learn models and workflows. These features make fast prototyping and easy extensibility possible, aiding the development of real-life active learning pipelines and novel algorithms as well. modAL is fully open source, hosted on GitHub at https://github.com/cosmic-cortex/modAL. To assure code quality, extensive unit tests are provided and continuous integration is applied. In addition, a detailed documentation with several tutorials are also available for ease of use. The framework is available in PyPI and distributed under the MIT license.

CR · Jan 24, 2024
CNN architecture extraction on edge GPU

Peter Horvath, Lukasz Chmielewski, Leo Weissbart et al.

Neural networks have become popular due to their versatility and state-of-the-art results in many applications, such as image classification, natural language processing, speech recognition, forecasting, etc. These applications are also used in resource-constrained environments such as embedded devices. In this work, the susceptibility of neural network implementations to reverse engineering is explored on the NVIDIA Jetson Nano microcomputer via side-channel analysis. To this end, an architecture extraction attack is presented. In the attack, 15 popular convolutional neural network architectures (EfficientNets, MobileNets, NasNet, etc.) are implemented on the GPU of Jetson Nano and the electromagnetic radiation of the GPU is analyzed during the inference operation of the neural networks. The results of the analysis show that neural network architectures are easily distinguishable using deep learning-based side-channel analysis.

CV · Nov 25, 2021
Surface Segmentation Using Implicit Divergence Constraint Between Adjacent Minimal Paths

Jozsef Molnar, Peter Horvath

We introduce a novel approach for object segmentation from 3D images using modified minimal path Eikonal equation. The proposed method utilizes an implicit constraint - a second order correction to the inhomogeneous minimal path Eikonal - preventing the adjacent minimal path trajectories to diverge uncontrollably. The proposed modification greatly reduces the surface area uncovered by minimal paths allowing the use of the calculated minimal path set as parameter lines of an approximate surface. It also has a loose connection with the true minimal surface Eikonal equations that are also deduced.

MG · Jul 31, 2019
An Elastic Energy Minimization Framework for Mean Surface Calculation

Jozsef Molnar, Peter Horvath

As the continuation of the contour mean calculation - designed for averaging the manual delineations of 3D layer stack images - in this paper, the most important equations: a) the reparameterization equations to determine the minimizing diffeomorphism and b) the proper centroid calculation for the surface mean calculation are presented. The chosen representation space: Rescaled Position by Square root Normal (RPSN) is a real valued vector space, invariant under the action of the reparameterization group and the imposed L2 metric (used to define the distance function) has well defined meaning: the sum of the central second moments of the coordinate functions. For comparison purpose, the reparameterization equations for elastic surface matching, using the Square Root Normal Function (SRNF) are also provided. The reparameterization equations for these cases have formal similarity, albeit the targeted applications differ: SRNF representation suitable for shape analysis purpose whereas RPSN is more fit for the cases where all contextual information - including the relative translation between the constituent surfaces - are to be retained (but for the sake of theoretical completeness, the possibility of the consistent relative displacement removal in the RPSN case is also addressed).

OC · Sep 6, 2018
Balanced Phase Field model for Active Surfaces

Jozsef Molnar, Peter Horvath

In this paper we present a balanced phase field model for active surfaces. This work is devoted to the generalization of the Balanced Phase Field Model for Active Contours devised to eliminate the often undesirable curvature-dependent shrinking of the zero level set while maintaining the smooth interface necessary to calculate the fundamental geometric quantities of the represented contour. As its antecedent work, the proposed model extends the Ginzburg-Landau phase field energy with a higher order smoothness term. The relative weights are determined with the analysis of the level set motion in a curvilinear system adapted to the zero level set. The proposed model exhibits strong shape maintaining capability without significant interference with the active (e.g. a segmentation) model.