{"id":"https://openalex.org/W4389158851","doi":"https://doi.org/10.1109/iccad57390.2023.10323806","title":"Deep-Learning Model Extraction Through Software-Based Power Side-Channel","display_name":"Deep-Learning Model Extraction Through Software-Based Power Side-Channel","publication_year":2023,"publication_date":"2023-10-28","ids":{"openalex":"https://openalex.org/W4389158851","doi":"https://doi.org/10.1109/iccad57390.2023.10323806"},"language":"en","primary_location":{"id":"doi:10.1109/iccad57390.2023.10323806","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iccad57390.2023.10323806","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5060725887","display_name":"X. D. Zhang","orcid":"https://orcid.org/0000-0003-0940-6595"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Xiang Zhang","raw_affiliation_strings":["Department of Electrical and Computer Engineering"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071052954","display_name":"A. Adam Ding","orcid":"https://orcid.org/0000-0003-1397-2442"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aidong Adam Ding","raw_affiliation_strings":["Northeastern University,Department of Mathematics,Boston,MA,USA","Department of Mathematics, Northeastern University, Boston, MA, USA"],"affiliations":[{"raw_affiliation_string":"Northeastern University,Department of Mathematics,Boston,MA,USA","institution_ids":["https://openalex.org/I12912129"]},{"raw_affiliation_string":"Department of Mathematics, Northeastern University, Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5083131515","display_name":"Yunsi Fei","orcid":"https://orcid.org/0000-0002-9930-0868"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yunsi Fei","raw_affiliation_strings":["Department of Electrical and Computer Engineering"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5060725887"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.6993,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.7650829,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11005","display_name":"Radiation Effects in Electronics","score":0.9836000204086304,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8798314332962036},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.7841917276382446},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.6842464804649353},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5989469289779663},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5948349237442017},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.44944998621940613},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.43344274163246155},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.42828500270843506},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3603639602661133},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3120507597923279},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.1912693977355957},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.14531919360160828}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8798314332962036},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.7841917276382446},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.6842464804649353},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5989469289779663},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5948349237442017},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.44944998621940613},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.43344274163246155},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.42828500270843506},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3603639602661133},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3120507597923279},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.1912693977355957},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.14531919360160828}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iccad57390.2023.10323806","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iccad57390.2023.10323806","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6800000071525574,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G8301127824","display_name":null,"funder_award_id":"SaTC-1929300","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1677182931","https://openalex.org/W1945616565","https://openalex.org/W2007339694","https://openalex.org/W2753783305","https://openalex.org/W2769061097","https://openalex.org/W2793320545","https://openalex.org/W2962851944","https://openalex.org/W2963285578","https://openalex.org/W2963560987","https://openalex.org/W2963857521","https://openalex.org/W2995394700","https://openalex.org/W3026248346","https://openalex.org/W3081488247","https://openalex.org/W3092411267","https://openalex.org/W3102836279","https://openalex.org/W3153001680","https://openalex.org/W4212774754","https://openalex.org/W4293846201","https://openalex.org/W4293861706","https://openalex.org/W6685562342","https://openalex.org/W6739868092","https://openalex.org/W6766787143","https://openalex.org/W6766978945","https://openalex.org/W6775078712","https://openalex.org/W6777991474","https://openalex.org/W6787335730"],"related_works":["https://openalex.org/W4323824501","https://openalex.org/W2355552010","https://openalex.org/W2136687465","https://openalex.org/W3016859066","https://openalex.org/W5280335","https://openalex.org/W4200321003","https://openalex.org/W4226493464","https://openalex.org/W3133861977","https://openalex.org/W2951211570","https://openalex.org/W3103566983"],"abstract_inverted_index":{"Deep":[0],"learning":[1],"(DL)":[2],"techniques":[3],"have":[4],"been":[5],"increasingly":[6],"applied":[7],"across":[8],"various":[9],"applications,":[10],"facing":[11],"a":[12,121,137,147,207],"growing":[13],"number":[14],"of":[15,31,113,193,218],"security":[16],"threats.":[17],"One":[18],"such":[19],"threat":[20],"is":[21,222],"model":[22,45,60,104,151,182],"extraction,":[23,183],"an":[24],"attack":[25,165],"that":[26,226],"steals":[27],"the":[28,37,56,94,114,125,133,167,170,186,194,216,223],"Intellectual":[29],"Property":[30],"DL":[32,82,103,143],"models,":[33],"either":[34],"by":[35,158,185],"recovering":[36],"same":[38],"functionality":[39],"or":[40,53],"retrieving":[41],"high-fidelity":[42],"models.":[43,83],"Current":[44],"extraction":[46,152],"methods":[47,64],"can":[48,129],"be":[49,130],"categorized":[50],"as":[51],"learning-based":[52],"cryptanalytic,":[54],"with":[55,230],"latter":[57],"relying":[58],"on":[59,166,174,237],"queries":[61,195,238],"and":[62,76,239],"computational":[63],"to":[65,72,109,178,196,206],"recover":[66],"parameters.":[67],"However,":[68],"these":[69],"are":[70,77],"limited":[71],"shallow":[73],"neural":[74],"networks":[75],"computationally":[78],"prohibitive":[79],"for":[80,102,150],"deeper":[81],"In":[84],"this":[85,221],"paper,":[86],"we":[87],"propose":[88],"leveraging":[89],"software-based":[90],"power":[91,111,135,188],"analysis,":[92],"specifically":[93],"Intel":[95,175],"Running":[96],"Average":[97],"Power":[98],"Limit":[99],"(RAPL)":[100],"technique,":[101],"extraction.":[105],"RAPL":[106],"allows":[107],"us":[108],"measure":[110],"leakage":[112],"most":[115,171],"popular":[116,172],"activation":[117],"function,":[118],"ReLU,":[119],"through":[120],"software":[122,134,187],"interface.":[123],"Consequently,":[124],"ReLU":[126],"branch":[127],"direction":[128],"leaked":[131],"in":[132,140],"side-channel,":[136,189],"vulnerability":[138],"common":[139,208],"many":[141],"state-of-the-art":[142],"frameworks.":[144],"We":[145,162,200],"introduce":[146],"novel":[148],"methodology":[149],"Algorithm":[153],"from":[154],"input":[155],"gradient":[156],"assisted":[157,184],"side":[159],"channel":[160],"information.":[161],"implement":[163],"our":[164,181,204,219],"oneDNN":[168],"framework,":[169],"library":[173],"processors.":[176],"Compared":[177],"prior":[179],"work,":[180],"only":[190],"requires":[191],"0.8%":[192],"retrieve":[197],"as-layer":[198],"MLP.":[199],"also":[201],"successfully":[202],"apply":[203],"method":[205],"Convolutional":[209],"Neural":[210],"Network":[211],"(CNN)":[212],"-":[213],"Lenet-5.":[214],"To":[215],"best":[217],"knowledge,":[220],"first":[224],"work":[225],"extracts":[227],"CNN":[228],"models":[229],"more":[231],"than":[232],"5":[233],"layers":[234],"based":[235],"solely":[236],"software.":[240]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}