Compilation as a Defense: Enhancing DL Model Attack Robustness via Tensor Optimization
This work addresses security vulnerabilities in deep learning models deployed where robust defense against adversarial threats is required; its contribution is incremental, applying existing compilation methods to a new problem.
The paper tackles the problem of defending deep learning models against side-channel attacks in adversarial machine learning by using model compilation techniques, specifically tensor optimization, and reports a relative decrease in attack effectiveness of up to 43%.
Adversarial Machine Learning (AML) is a rapidly growing field of security research, and model attacks through side-channels are an often overlooked area within it. Previous work shows such attacks to be serious threats, yet little progress has been made on efficient remediation strategies that avoid costly model re-engineering. This work demonstrates a new defense against AML side-channel attacks using model compilation techniques, namely tensor optimization. We show relative decreases in model attack effectiveness of up to 43% using tensor optimization, and discuss the implications and directions for future work.