| Title | : | DeFault: Reverse Engineering Deep Neural Networks using Fault Injections |
| Speaker | : | Reetwik Das (IITM) |
| Details | : | Wed, 31 Jan, 2024 11:00 AM @ SSB-233 |
| Abstract: | : | The ability of Deep Neural Networks (DNNs) to provide quick and accurate classifications with limited resources makes them an ideal choice for resource-constrained embedded devices. However, the underlying devices are susceptible to various hardware vulnerabilities, which can be exploited to extract the deployed DNNs. In this talk, we present DeFault, the first fault injection based attack to construct a functionally equivalent DNN for a target DNN. The presence of multiple hidden layers and the non-linearity of activation functions, such as ReLU and Softmax, make reverse engineering the target DNN challenging. We develop an iterative algorithm that uses precise fault injections and an SMT solver to exploit the properties of the DNN, thereby addressing these challenges. We evaluate the DeFault attack against various DNNs trained on well-known Datasets, such as IRIS and MNIST, to construct a functionally equivalent replica of the target DNN. We also provide a study of the attack behavior on different DNN architectures and demonstrate the practicality of the attack by performing fault injections using an electromagnetic (EM) probe on a DNN deployed on a Raspberry Pi 3 board. |
