{"id":"https://openalex.org/W4399396293","doi":"https://doi.org/10.1109/host55342.2024.10545350","title":"Trained to Leak: Hiding Trojan Side-Channels in Neural Network Weights","display_name":"Trained to Leak: Hiding Trojan Side-Channels in Neural Network Weights","publication_year":2024,"publication_date":"2024-05-06","ids":{"openalex":"https://openalex.org/W4399396293","doi":"https://doi.org/10.1109/host55342.2024.10545350"},"language":"en","primary_location":{"id":"doi:10.1109/host55342.2024.10545350","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host55342.2024.10545350","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5070034350","display_name":"Vincent Meyers","orcid":"https://orcid.org/0000-0001-9775-5861"},"institutions":[{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Vincent Meyers","raw_affiliation_strings":["Karlsruhe Institute of Technology (KIT),Chair of Dependable Nano Computing (CDNC),Karlsruhe,Germany","Chair of Dependable Nano Computing (CDNC), Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany"],"affiliations":[{"raw_affiliation_string":"Karlsruhe Institute of Technology (KIT),Chair of Dependable Nano Computing (CDNC),Karlsruhe,Germany","institution_ids":["https://openalex.org/I102335020"]},{"raw_affiliation_string":"Chair of Dependable Nano Computing (CDNC), Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany","institution_ids":["https://openalex.org/I102335020"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038362728","display_name":"Michael Hefenbrock","orcid":"https://orcid.org/0000-0002-7583-2376"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Michael Hefenbrock","raw_affiliation_strings":["RevoAI GmbH,Karlsruhe,Germany","RevoAI GmbH, Karlsruhe, Germany"],"affiliations":[{"raw_affiliation_string":"RevoAI GmbH,Karlsruhe,Germany","institution_ids":[]},{"raw_affiliation_string":"RevoAI GmbH, Karlsruhe, Germany","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026813167","display_name":"Dennis R. E. Gnad","orcid":"https://orcid.org/0000-0002-2839-4692"},"institutions":[{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Dennis Gnad","raw_affiliation_strings":["Karlsruhe Institute of Technology (KIT),Chair of Dependable Nano Computing (CDNC),Karlsruhe,Germany","Chair of Dependable Nano Computing (CDNC), Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany"],"affiliations":[{"raw_affiliation_string":"Karlsruhe Institute of Technology (KIT),Chair of Dependable Nano Computing (CDNC),Karlsruhe,Germany","institution_ids":["https://openalex.org/I102335020"]},{"raw_affiliation_string":"Chair of Dependable Nano Computing (CDNC), Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany","institution_ids":["https://openalex.org/I102335020"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5064445713","display_name":"Mehdi B. Tahoori","orcid":"https://orcid.org/0000-0002-8829-5610"},"institutions":[{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Mehdi Tahoori","raw_affiliation_strings":["Karlsruhe Institute of Technology (KIT),Chair of Dependable Nano Computing (CDNC),Karlsruhe,Germany","Chair of Dependable Nano Computing (CDNC), Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany"],"affiliations":[{"raw_affiliation_string":"Karlsruhe Institute of Technology (KIT),Chair of Dependable Nano Computing (CDNC),Karlsruhe,Germany","institution_ids":["https://openalex.org/I102335020"]},{"raw_affiliation_string":"Chair of Dependable Nano Computing (CDNC), Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany","institution_ids":["https://openalex.org/I102335020"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5070034350"],"corresponding_institution_ids":["https://openalex.org/I102335020"],"apc_list":null,"apc_paid":null,"fwci":1.4548,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.84037126,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"122","last_page":"127"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T14117","display_name":"Integrated Circuits and Semiconductor Failure Analysis","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7941427826881409},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.7257179021835327},{"id":"https://openalex.org/keywords/information-leakage","display_name":"Information leakage","score":0.5922804474830627},{"id":"https://openalex.org/keywords/usable","display_name":"USable","score":0.5813595056533813},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5465388894081116},{"id":"https://openalex.org/keywords/edge-device","display_name":"Edge device","score":0.5430107116699219},{"id":"https://openalex.org/keywords/trojan","display_name":"Trojan","score":0.51050865650177},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4997091293334961},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.4731016159057617},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.47082167863845825},{"id":"https://openalex.org/keywords/field-programmable-gate-array","display_name":"Field-programmable gate array","score":0.45119616389274597},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.44025373458862305},{"id":"https://openalex.org/keywords/latency","display_name":"Latency (audio)","score":0.42862433195114136},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4178146719932556},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.4002142548561096},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.3242274820804596},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.318362832069397},{"id":"https://openalex.org/keywords/power","display_name":"Power (physics)","score":0.23882156610488892},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.16343852877616882},{"id":"https://openalex.org/keywords/multimedia","display_name":"Multimedia","score":0.1394190490245819}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7941427826881409},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.7257179021835327},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.5922804474830627},{"id":"https://openalex.org/C2780615836","wikidata":"https://www.wikidata.org/wiki/Q2471869","display_name":"USable","level":2,"score":0.5813595056533813},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5465388894081116},{"id":"https://openalex.org/C138236772","wikidata":"https://www.wikidata.org/wiki/Q25098575","display_name":"Edge device","level":3,"score":0.5430107116699219},{"id":"https://openalex.org/C174333608","wikidata":"https://www.wikidata.org/wiki/Q19635","display_name":"Trojan","level":2,"score":0.51050865650177},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4997091293334961},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.4731016159057617},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.47082167863845825},{"id":"https://openalex.org/C42935608","wikidata":"https://www.wikidata.org/wiki/Q190411","display_name":"Field-programmable gate array","level":2,"score":0.45119616389274597},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.44025373458862305},{"id":"https://openalex.org/C82876162","wikidata":"https://www.wikidata.org/wiki/Q17096504","display_name":"Latency (audio)","level":2,"score":0.42862433195114136},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4178146719932556},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.4002142548561096},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.3242274820804596},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.318362832069397},{"id":"https://openalex.org/C163258240","wikidata":"https://www.wikidata.org/wiki/Q25342","display_name":"Power (physics)","level":2,"score":0.23882156610488892},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.16343852877616882},{"id":"https://openalex.org/C49774154","wikidata":"https://www.wikidata.org/wiki/Q131765","display_name":"Multimedia","level":1,"score":0.1394190490245819},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/host55342.2024.10545350","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host55342.2024.10545350","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6685114070","display_name":null,"funder_award_id":"501300923 (SecureNN)","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"}],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W642509312","https://openalex.org/W1500140210","https://openalex.org/W1534499320","https://openalex.org/W1917515126","https://openalex.org/W2038861118","https://openalex.org/W2279541644","https://openalex.org/W2565125333","https://openalex.org/W2797583228","https://openalex.org/W2906549808","https://openalex.org/W2943220429","https://openalex.org/W2989358546","https://openalex.org/W3035367371","https://openalex.org/W3105216768","https://openalex.org/W3118608800","https://openalex.org/W3174657965","https://openalex.org/W3194922745","https://openalex.org/W4221141428","https://openalex.org/W4252979261","https://openalex.org/W4291902438","https://openalex.org/W4294691467","https://openalex.org/W4313467207","https://openalex.org/W4317436377","https://openalex.org/W4323310116","https://openalex.org/W6786151792","https://openalex.org/W6787972765","https://openalex.org/W6809173602"],"related_works":["https://openalex.org/W2022533428","https://openalex.org/W2580249689","https://openalex.org/W2103519941","https://openalex.org/W2769734684","https://openalex.org/W2969678054","https://openalex.org/W2903787673","https://openalex.org/W2777343049","https://openalex.org/W3158338108","https://openalex.org/W2584285084","https://openalex.org/W1796231437"],"abstract_inverted_index":{"Applications":[0],"driven":[1],"by":[2,47,116],"neural":[3],"networks":[4,138],"(NNs)":[5],"have":[6],"been":[7],"advancing":[8],"various":[9],"work":[10],"flows":[11],"in":[12,28,54,107],"industries":[13],"and":[14,33,38,67,127,173,183],"everyday":[15],"life.":[16],"FPGA":[17],"accelerators":[18],"are":[19],"a":[20,55,88,159],"popular":[21],"low":[22],"latency":[23],"solution":[24],"for":[25,70,185],"NN":[26],"inference":[27],"the":[29,61,94,97,108,111,118,124,137,141,145,171,176],"cloud,":[30],"edge":[31],"devices":[32],"critical":[34],"systems,":[35],"offering":[36],"efficiency":[37],"availability.":[39],"Additionally,":[40],"cloud":[41],"FPGAs":[42],"enable":[43],"maximizing":[44],"resource":[45],"utilization":[46],"sharing":[48],"one":[49],"device":[50],"with":[51,136],"multiple":[52],"users":[53],"multi-tenant":[56],"scenario.":[57],"However,":[58],"due":[59],"to":[60,133,155],"high":[62],"energy":[63],"costs,":[64],"hardware":[65],"requirements":[66],"time":[68],"consumption":[69,126],"training":[71,119],"an":[72,122],"NN,":[73,123],"using":[74],"machine":[75],"learning":[76],"services":[77],"or":[78],"acquiring":[79],"pre-trained":[80],"models":[81],"has":[82],"become":[83],"increasingly":[84],"popular.":[85],"This":[86],"creates":[87],"trust":[89],"issue":[90],"that":[91,115],"potentially":[92],"puts":[93],"privacy":[95],"of":[96,110,121,144,175],"user":[98],"at":[99],"risk.":[100],"Specifically,":[101],"malicious":[102,186],"mechanisms":[103],"may":[104],"be":[105,131],"hidden":[106],"weights":[109],"NN.":[112],"We":[113],"show":[114],"manipulating":[117],"process":[120],"power":[125,150,156],"resulting":[128],"leakage":[129],"can":[130],"manipulated":[132],"correlate":[134],"strongly":[135],"output,":[139],"allowing":[140],"reliable":[142],"recovery":[143],"classification":[146],"results":[147],"through":[148],"remote":[149],"side-channel":[151],"analysis.":[152],"In":[153],"comparison":[154],"traces":[157],"from":[158],"benign":[160],"model,":[161],"which":[162],"leak":[163],"less":[164],"information,":[165],"our":[166],"trained-in":[167],"Trojan":[168],"Side-Channel":[169],"enhances":[170],"credibility":[172],"reliability":[174],"stolen":[177],"outputs,":[178],"making":[179],"them":[180],"more":[181],"usable":[182],"valuable":[184],"intent.":[187]},"counts_by_year":[{"year":2025,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}