How Secure are Deep Learning Algorithms from Side-Channel based Reverse Engineering?
This work addresses data privacy concerns in deep learning for applications like medical image analysis, but it is incremental as it builds on existing efforts to analyze information leakages.
The paper tackles the problem of evaluating information leakages in deep learning systems, specifically for privacy-preserving applications, by proposing a strategy using hardware performance counters and hypothesis testing on a CNN-based image classifier to detect input data leakage.
Deep Learning algorithms have recently become the de-facto paradigm for various prediction problems, which include many privacy-preserving applications like online medical image analysis. Presumably, the privacy of data in a deep learning system is a serious concern. There have been several efforts to analyze and exploit the information leakages from deep learning architectures to compromise data privacy. In this paper, however, we attempt to provide an evaluation strategy for such information leakages through deep neural network architectures by considering a case study on Convolutional Neural Network (CNN) based image classifier. The approach takes the aid of low-level hardware information, provided by Hardware Performance Counters (HPCs), during the execution of a CNN classifier and a simple hypothesis testing in order to produce an alarm if there exists any information leakage on the actual input.