The article examines how susceptible neural network implementations are to reverse engineering. The authors apply side-channel analysis to the NVIDIA Jetson Nano microcomputer: they implement 15 popular convolutional neural network architectures on the Jetson Nano's GPU and analyze the GPU's electromagnetic radiation during inference. The results indicate that neural network architectures are easily distinguishable using deep learning-based side-channel analysis. The article emphasizes the importance of keeping the architecture and parameters of trained models secret, because sensitive data used in training is potentially vulnerable.
Publication date: 24 Jan 2024
Project Page: https://arxiv.org/abs/2401.13575v1
Paper: https://arxiv.org/pdf/2401.13575