{"id":"https://openalex.org/W4400811612","doi":"https://doi.org/10.1109/aicas59952.2024.10595935","title":"Attacking a Joint Protection Scheme for Deep Neural Network Hardware Accelerators and Models","display_name":"Attacking a Joint Protection Scheme for Deep Neural Network Hardware Accelerators and Models","publication_year":2024,"publication_date":"2024-04-22","ids":{"openalex":"https://openalex.org/W4400811612","doi":"https://doi.org/10.1109/aicas59952.2024.10595935"},"language":"en","primary_location":{"id":"doi:10.1109/aicas59952.2024.10595935","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/aicas59952.2024.10595935","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE 6th International Conference on AI Circuits and Systems (AICAS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5104826250","display_name":"Simon Wilhelmst\u00e4tter","orcid":null},"institutions":[{"id":"https://openalex.org/I196349391","display_name":"Universit\u00e4t Ulm","ror":"https://ror.org/032000t02","country_code":"DE","type":"education","lineage":["https://openalex.org/I196349391"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Simon Wilhelmst\u00e4tter","raw_affiliation_strings":["University of Ulm,Institute of Microelectronics,Ulm,Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Ulm,Institute of Microelectronics,Ulm,Germany","institution_ids":["https://openalex.org/I196349391"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071265803","display_name":"Joschua Conrad","orcid":"https://orcid.org/0000-0003-4780-8042"},"institutions":[{"id":"https://openalex.org/I196349391","display_name":"Universit\u00e4t Ulm","ror":"https://ror.org/032000t02","country_code":"DE","type":"education","lineage":["https://openalex.org/I196349391"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Joschua Conrad","raw_affiliation_strings":["University of Ulm,Institute of Microelectronics,Ulm,Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Ulm,Institute of Microelectronics,Ulm,Germany","institution_ids":["https://openalex.org/I196349391"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045418076","display_name":"Devanshi Upadhyaya","orcid":null},"institutions":[{"id":"https://openalex.org/I100066346","display_name":"University of Stuttgart","ror":"https://ror.org/04vnq7t77","country_code":"DE","type":"education","lineage":["https://openalex.org/I100066346"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Devanshi Upadhyaya","raw_affiliation_strings":["University of Stuttgart,Institute for Computer Architecture and Computer Engingeering,Stuttgart,Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Stuttgart,Institute for Computer Architecture and Computer Engingeering,Stuttgart,Germany","institution_ids":["https://openalex.org/I100066346"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027416202","display_name":"Ilia Polian","orcid":"https://orcid.org/0000-0002-6563-2725"},"institutions":[{"id":"https://openalex.org/I100066346","display_name":"University of Stuttgart","ror":"https://ror.org/04vnq7t77","country_code":"DE","type":"education","lineage":["https://openalex.org/I100066346"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ilia Polian","raw_affiliation_strings":["University of Stuttgart,Institute for Computer Architecture and Computer Engingeering,Stuttgart,Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Stuttgart,Institute for Computer Architecture and Computer Engingeering,Stuttgart,Germany","institution_ids":["https://openalex.org/I100066346"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034938079","display_name":"Maurits Ortmanns","orcid":"https://orcid.org/0000-0002-3547-1596"},"institutions":[{"id":"https://openalex.org/I196349391","display_name":"Universit\u00e4t Ulm","ror":"https://ror.org/032000t02","country_code":"DE","type":"education","lineage":["https://openalex.org/I196349391"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Maurits Ortmanns","raw_affiliation_strings":["University of Ulm,Institute of Microelectronics,Ulm,Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Ulm,Institute of Microelectronics,Ulm,Germany","institution_ids":["https://openalex.org/I196349391"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.08596487,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"521","issue":null,"first_page":"144","last_page":"148"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9348000288009644,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9225000143051147,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/joint","display_name":"Joint (building)","score":0.757859468460083},{"id":"https://openalex.org/keywords/scheme","display_name":"Scheme (mathematics)","score":0.7571196556091309},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7313050627708435},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5503994822502136},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.3858141303062439},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3451042175292969},{"id":"https://openalex.org/keywords/computer-architecture","display_name":"Computer architecture","score":0.3433985114097595},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3250749409198761},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.13470163941383362}],"concepts":[{"id":"https://openalex.org/C18555067","wikidata":"https://www.wikidata.org/wiki/Q8375051","display_name":"Joint (building)","level":2,"score":0.757859468460083},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.7571196556091309},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7313050627708435},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5503994822502136},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.3858141303062439},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3451042175292969},{"id":"https://openalex.org/C118524514","wikidata":"https://www.wikidata.org/wiki/Q173212","display_name":"Computer architecture","level":1,"score":0.3433985114097595},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3250749409198761},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.13470163941383362},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C170154142","wikidata":"https://www.wikidata.org/wiki/Q150737","display_name":"Architectural engineering","level":1,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/aicas59952.2024.10595935","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/aicas59952.2024.10595935","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE 6th International Conference on AI Circuits and Systems (AICAS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W2194775991","https://openalex.org/W3118608800","https://openalex.org/W4200307116","https://openalex.org/W4200328352","https://openalex.org/W4212774754","https://openalex.org/W4212910567","https://openalex.org/W4233028387","https://openalex.org/W4233993131","https://openalex.org/W4234212765","https://openalex.org/W4236182951","https://openalex.org/W4237249260","https://openalex.org/W4249561901","https://openalex.org/W4300859237","https://openalex.org/W4313467202","https://openalex.org/W4360606495","https://openalex.org/W4400526806","https://openalex.org/W6631201240","https://openalex.org/W6637373629","https://openalex.org/W6657622262","https://openalex.org/W6684016638","https://openalex.org/W6684191040","https://openalex.org/W6696405057","https://openalex.org/W6717490402","https://openalex.org/W6748840973","https://openalex.org/W6760385162","https://openalex.org/W6783082107","https://openalex.org/W6790768702","https://openalex.org/W6791446658","https://openalex.org/W6792317678","https://openalex.org/W6794590365","https://openalex.org/W6846099671"],"related_works":["https://openalex.org/W1975289146","https://openalex.org/W1996130883","https://openalex.org/W2748574964","https://openalex.org/W2105887828","https://openalex.org/W2122599759","https://openalex.org/W4236520801","https://openalex.org/W2888483922","https://openalex.org/W4396737233","https://openalex.org/W2367747139","https://openalex.org/W2352941988"],"abstract_inverted_index":{"The":[0],"tremendous":[1],"success":[2],"of":[3,15,35,51,196],"artificial":[4],"neural":[5],"networks":[6],"(NNs)":[7],"in":[8,37,46,169],"recent":[9],"years,":[10],"paired":[11],"with":[12,76],"the":[13,33,71,74,107,117,120,142,146,152,170,197],"leap":[14],"embedded,":[16],"low-power":[17],"devices":[18],"(e.g.":[19,87],"IoT,":[20],"wearables":[21],"and":[22,55,73,104,119,140,151,166,212],"smart":[23],"sensors),":[24],"gave":[25],"rise":[26],"to":[27,60,106,125,131,192,203],"specialized":[28],"NN":[29,62,147,206],"accelerators":[30,45],"that":[31,79,180],"enable":[32],"inference":[34],"NNs":[36],"power-constrained":[38],"environments.":[39],"However,":[40,92],"manufacturing":[41],"or":[42,90],"operating":[43],"such":[44,99],"un-trusted":[47],"environments":[48],"poses":[49],"risks":[50],"undesired":[52],"model":[53,72,102,118,133,138,153,187,207,210],"theft":[54],"hardware":[56,63,214],"counterfeiting.":[57,215],"One":[58],"way":[59],"protect":[61],"against":[64,149,154],"those":[65,161],"threats":[66],"is":[67,178,189],"by":[68,84],"locking":[69,94,127],"both":[70],"accelerator":[75,121,148],"secret":[77],"keys":[78],"can":[80],"only":[81],"be":[82],"supplied":[83],"entitled":[85],"authorities":[86],"chip":[88],"designer":[89],"distributor).":[91],"current":[93],"mechanisms":[95],"contain":[96],"severe":[97,167],"drawbacks,":[98],"as":[100],"required":[101],"retraining":[103],"vulnerability":[105],"powerful":[108],"satisfyability":[109],"checking":[110],"(SAT)-attack.Recently,":[111],"an":[112,176,184],"approach":[113],"for":[114],"jointly":[115],"protecting":[116],"was":[122],"proposed.":[123],"Compared":[124],"previous":[126],"mechanisms,":[128],"it":[129],"promises":[130],"avoid":[132],"retraining,":[134],"not":[135,182],"leak":[136],"useful":[137],"information,":[139],"resist":[141],"SAT-attack,":[143],"thereby":[144],"securing":[145],"counterfeiting":[150],"intellectual":[155],"property":[156],"infringement.":[157],"In":[158],"this":[159],"paper,":[160],"claims":[162],"are":[163,173],"thoroughly":[164],"evaluated":[165],"issues":[168],"technical":[171],"evidence":[172],"identified.":[174],"Furthermore,":[175],"attack":[177],"developed":[179],"does":[181],"require":[183],"expanded":[185],"threat":[186],"but":[188],"still":[190],"able":[191],"completely":[193],"circumvent":[194],"all":[195,205],"proposed":[198],"protection":[199],"schemes.":[200],"It":[201],"allows":[202],"reconstruct":[204],"parameters":[208],"(i.e.":[209],"theft)":[211],"enables":[213]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}