MACPruning: Dynamic Operation Pruning to Mitigate Side-Channel DNN Model Extraction

TL;DR

This paper introduces MACPruning, a lightweight and effective method to protect DNN models on edge devices from electromagnetic side-channel attacks by selectively pruning operations based on input importance.

Contribution

The paper proposes MACPruning, a novel defense mechanism that prunes DNN operations based on input importance to mitigate electromagnetic side-channel extraction without significant performance loss.

Findings

MACPruning reduces EM leakages effectively.

Minimal impact on DNN accuracy.

Negligible computational overhead.

Abstract

As deep learning gains popularity, edge IoT devices have seen proliferating deployment of pre-trained Deep Neural Network (DNN) models. These DNNs represent valuable intellectual property and face significant confidentiality threats from side-channel analysis (SCA), particularly non-invasive Differential Electromagnetic (EM) Analysis (DEMA), which retrieves individual model parameters from EM traces collected during model inference. Traditional SCA mitigation methods, such as masking and shuffling, can still be applied to DNN inference, but will incur significant performance degradation due to the large volume of operations and parameters. Based on the insight that DNN models have high redundancy and are robust to input variation, we introduce MACPruning, a novel lightweight defense against DEMA-based parameter extraction attacks, exploiting specific characteristics of DNN execution. The design principle of MACPruning is to randomly deactivate input pixels and prune the operations (typically multiply-accumulate-MAC) on those pixels. The technique removes certain leakages and overall redistributes weight-dependent EM leakages temporally, and thus effectively mitigates DEMA. To maintain DNN performance, we propose an importance-aware pixel map that preserves critical input pixels, keeping randomness in the defense while minimizing its impact on DNN performance due to operation pruning. We conduct a comprehensive security analysis of MACPruning on various datasets for DNNs on edge devices. Our evaluations demonstrate that MACPruning effectively reduces EM leakages with minimal impact on the model accuracy and negligible computational overhead.