Compilation as a Defense: Enhancing DL Model Attack Robustness via Tensor Optimization
Stefan Trawicki, William Hackett, Lewis Birch, Neeraj Suri, Peter Garraghan

TL;DR
This paper proposes a novel defense against adversarial machine learning side-channel attacks by using tensor optimization during model compilation, significantly reducing attack effectiveness.
Contribution
It introduces tensor optimization as an effective compilation-based defense mechanism against AML side-channel attacks, addressing a gap in efficient remediation strategies.
Findings
Model attack effectiveness decreases by up to 43% with tensor optimization.
Tensor optimization offers a promising direction for AML attack mitigation.
The approach avoids costly model re-engineering.
Abstract
Adversarial Machine Learning (AML) is a rapidly growing field of security research, with an often overlooked area being model attacks through side-channels. Previous works show such attacks to be serious threats, though little progress has been made on efficient remediation strategies that avoid costly model re-engineering. This work demonstrates a new defense against AML side-channel attacks using model compilation techniques, namely tensor optimization. We show relative model attack effectiveness decreases of up to 43% using tensor optimization, and discuss the implications and directions for future work.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques
