Side-Channel Gray-Box Attack for DNNs

Yun Xiang, Yongchao Xu, Yingjie Li, Wen Ma, Qi Xuan, Yi Liu
DOI: https://doi.org/10.1109/tcsii.2020.3012005
2021-01-01
Abstract: Deep neural networks are becoming increasingly popular. However, they are also vulnerable to adversarial attacks. Existing attack methods include white-box and black-box attacks. A white-box attack assumes full knowledge of the model, while a black-box attack assumes none. In this brief, we propose a novel attack method that lies between the two. Specifically, we make the following contributions: (1) we propose the gray-box attack, which uses a side-channel attack to predict the model structure based on a pre-trained classifier, and (2) we validate our method in real-world experiments. The experimental results show that our gray-box attack can significantly outperform the existing techniques.