-HGI News- Next CASA Distinguished Lecture (Nov 21, 2023) with Sandip Kundu (University of Massachusetts Amherst)

English Newsletter of the Horst Goertz Institute for IT Security hgi-news-international at lists.ruhr-uni-bochum.de
Tue Nov 7 14:25:51 CET 2023


We cordially invite you to the next

CASA Distinguished Lecture, November 21, 2023
with Sandip Kundu (University of Massachusetts Amherst)

The topic is "Model Extraction Attack On Deep Neural Networks Running On GPUs"

When: 21.11.2023, 2 PM
Where: Building TZR ("MB"), Level 1, Room S-MO-104, Universitätsstraße 142, 44799 Bochum
Online-Participation: Zoom-Webinar<https://ruhr-uni-bochum.zoom.us/j/64776109776?pwd=TVZPSDM1VG9uVWM0dkJIWmpKQnlJQT09#success>

Abstract. Deep Neural Networks (DNNs) are widely used for prediction and classification tasks. However, they are vulnerable to a variety of threats, including model extraction, evasion and inversion attacks. Model extraction attacks steal DNN models, which is a threat to intellectual property, data privacy, and security. We propose a novel DNN architecture extraction attack called EZClone, which uses aggregate GPU profiles as side-channel information to reconstruct a DNN model from an execution. We find that EZClone can correctly predict the architecture of all PyTorch vision architectures with 100% accuracy. This is the highest accuracy achieved by any attack with the same adversarial constraints using side-channel information. Prior work has shown that once a DNN has been successfully cloned, further attacks such as model evasion or model inversion can be accelerated significantly. This talk will also discuss side-channel leakage mitigation techniques.

Bio. Sandip Kundu is a Professor of Electrical and Computer Engineering at the University of Massachusetts Amherst. Until recently, he was also a program director at the National Science Foundation within the CISE directorate. Kundu began his career at IBM Research as a Research Staff Member, then worked at Intel Corporation as a Principal Engineer before joining UMass Amherst as a professor in 2005. He has published nearly 300 research papers in VLSI design and test, holds several key patents including ultra-drowsy sleep mode in processors, and has given more than a dozen tutorials at various conferences. He is a Fellow of the IEEE, Fellow of the Japan Society for Promotion of Science (JSPS), Senior International Scientist of the Chinese Academy of Sciences and was a Distinguished Visitor of the IEEE Computer Society. He has been an Associate Editor of the IEEE Transactions on Dependable and Secure Computing, and an Associate Editor of the IEEE Transactions on Computers, IEEE Transactions on VLSI Systems and ACM Transactions on Design Automation of Electronic Systems. He has been Technical Program Chair/General Chair of multiple conferences including ICCD, ATS, ISVLSI, DFTS and VLSI Design Conference.



Kind regards

Christina Scholten

RUHR-UNIVERSITÄT BOCHUM
Horst Görtz Institut for IT Security/ Cluster of Excellence CASA
Marketing and Public Relations
MC EG 78, Postfach MC 3
Universitätsstr. 150
44780 Bochum, Germany
Tel: +49-(0)234-32-29274
E-Mail: christina.scholten at rub.de

www.hgi.rub.de<http://www.hgi.rub.de/>
www.casa.rub.de<http://www.casa.rub.de/>
