The paper explores a scenario in which a side-channel attack is used to break the black-box property of embedded artificial intelligence, specifically deep neural networks (DNNs). It presents an architecture-agnostic attack that extracts the network's logits, allowing an attacker to estimate gradients and produce adversarial examples that fool the targeted network. The method combines hardware and software attacks, using electromagnetic leakage to extract the logits for a given input. The result illustrates the effectiveness of logit extraction via a side channel as a first step for more general attack frameworks that require either the logits or the confidence scores.

 

Publication date: 27 Nov 2023
Project Page: https://doi.org/10.1145/3605764.3623903
Paper: https://arxiv.org/pdf/2311.14005