CNN architecture extraction on edge GPU
This addresses security vulnerabilities for resource-constrained embedded devices, such as those using NVIDIA Jetson Nano, by exposing risks of neural network architecture extraction, which is incremental in applying existing side-channel techniques to new hardware.
The paper tackled the susceptibility of neural network implementations to reverse engineering on edge GPUs by presenting an architecture extraction attack using electromagnetic side-channel analysis on 15 popular CNN architectures, showing they are easily distinguishable with deep learning-based methods.
Neural networks have become popular due to their versatility and state-of-the-art results in many applications, such as image classification, natural language processing, speech recognition, forecasting, etc. These applications are also used in resource-constrained environments such as embedded devices. In this work, the susceptibility of neural network implementations to reverse engineering is explored on the NVIDIA Jetson Nano microcomputer via side-channel analysis. To this end, an architecture extraction attack is presented. In the attack, 15 popular convolutional neural network architectures (EfficientNets, MobileNets, NasNet, etc.) are implemented on the GPU of Jetson Nano and the electromagnetic radiation of the GPU is analyzed during the inference operation of the neural networks. The results of the analysis show that neural network architectures are easily distinguishable using deep learning-based side-channel analysis.