{"id":"https://openalex.org/W2809523935","doi":"https://doi.org/10.1145/3195970.3196105","title":"Reverse engineering convolutional neural networks through side-channel information leaks","display_name":"Reverse engineering convolutional neural networks through side-channel information leaks","publication_year":2018,"publication_date":"2018-06-19","ids":{"openalex":"https://openalex.org/W2809523935","doi":"https://doi.org/10.1145/3195970.3196105","mag":"2809523935"},"language":"en","primary_location":{"id":"doi:10.1145/3195970.3196105","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3195970.3196105","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 55th Annual Design Automation Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025545085","display_name":"Weizhe Hua","orcid":"https://orcid.org/0000-0002-5231-9799"},"institutions":[{"id":"https://openalex.org/I205783295","display_name":"Cornell University","ror":"https://ror.org/05bnh6r87","country_code":"US","type":"education","lineage":["https://openalex.org/I205783295"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Weizhe Hua","raw_affiliation_strings":["Cornell University"],"affiliations":[{"raw_affiliation_string":"Cornell University","institution_ids":["https://openalex.org/I205783295"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037210004","display_name":"Zhiru Zhang","orcid":"https://orcid.org/0000-0002-0778-0308"},"institutions":[{"id":"https://openalex.org/I205783295","display_name":"Cornell University","ror":"https://ror.org/05bnh6r87","country_code":"US","type":"education","lineage":["https://openalex.org/I205783295"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhiru Zhang","raw_affiliation_strings":["Cornell University"],"affiliations":[{"raw_affiliation_string":"Cornell University","institution_ids":["https://openalex.org/I205783295"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5024329178","display_name":"G. Edward Suh","orcid":"https://orcid.org/0000-0001-6409-9888"},"institutions":[{"id":"https://openalex.org/I205783295","display_name":"Cornell University","ror":"https://ror.org/05bnh6r87","country_code":"US","type":"education","lineage":["https://openalex.org/I205783295"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"G. Edward Suh","raw_affiliation_strings":["Cornell University"],"affiliations":[{"raw_affiliation_string":"Cornell University","institution_ids":["https://openalex.org/I205783295"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5025545085"],"corresponding_institution_ids":["https://openalex.org/I205783295"],"apc_list":null,"apc_paid":null,"fwci":18.4241,"has_fulltext":false,"cited_by_count":152,"citation_normalized_percentile":{"value":0.9931578,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10502","display_name":"Advanced Memory and Neural Computing","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.835086464881897},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.7280436158180237},{"id":"https://openalex.org/keywords/reverse-engineering","display_name":"Reverse engineering","score":0.7191226482391357},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.5588523149490356},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5010256767272949},{"id":"https://openalex.org/keywords/information-leakage","display_name":"Information leakage","score":0.464002788066864},{"id":"https://openalex.org/keywords/chip","display_name":"Chip","score":0.4360645115375519},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.4164990186691284},{"id":"https://openalex.org/keywords/pruning","display_name":"Pruning","score":0.41426488757133484},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.35074514150619507},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.27520981431007385},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.2709038257598877},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.22193771600723267},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.21890541911125183},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1349792182445526}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.835086464881897},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.7280436158180237},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.7191226482391357},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.5588523149490356},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5010256767272949},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.464002788066864},{"id":"https://openalex.org/C165005293","wikidata":"https://www.wikidata.org/wiki/Q1074500","display_name":"Chip","level":2,"score":0.4360645115375519},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.4164990186691284},{"id":"https://openalex.org/C108010975","wikidata":"https://www.wikidata.org/wiki/Q500094","display_name":"Pruning","level":2,"score":0.41426488757133484},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.35074514150619507},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.27520981431007385},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2709038257598877},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.22193771600723267},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.21890541911125183},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1349792182445526},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C6557445","wikidata":"https://www.wikidata.org/wiki/Q173113","display_name":"Agronomy","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3195970.3196105","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3195970.3196105","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 55th Annual Design Automation Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6200000047683716}],"awards":[{"id":"https://openalex.org/G4688475944","display_name":null,"funder_award_id":"2686.001","funder_id":"https://openalex.org/F4320306087","funder_display_name":"Semiconductor Research Corporation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320306087","display_name":"Semiconductor Research Corporation","ror":"https://ror.org/047z4n946"},{"id":"https://openalex.org/F4320309480","display_name":"Nvidia","ror":"https://ror.org/03jdj4y14"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W1548777816","https://openalex.org/W1988374166","https://openalex.org/W2053637704","https://openalex.org/W2119144962","https://openalex.org/W2150620897","https://openalex.org/W2170993700","https://openalex.org/W2194775991","https://openalex.org/W2279098554","https://openalex.org/W2337675259","https://openalex.org/W2397423248","https://openalex.org/W2516141709","https://openalex.org/W2535690855","https://openalex.org/W2618530766","https://openalex.org/W2625457103","https://openalex.org/W4245199738","https://openalex.org/W4251575795"],"related_works":["https://openalex.org/W189451467","https://openalex.org/W2580249689","https://openalex.org/W2969678054","https://openalex.org/W2769734684","https://openalex.org/W2022533428","https://openalex.org/W2103519941","https://openalex.org/W2903787673","https://openalex.org/W2777343049","https://openalex.org/W3158338108","https://openalex.org/W2584285084"],"abstract_inverted_index":{"A":[0],"convolutional":[1],"neural":[2],"network":[3,70],"(CNN)":[4],"model":[5],"represents":[6],"a":[7,37,91],"crucial":[8],"piece":[9],"of":[10,88,108],"intellectual":[11],"property":[12],"in":[13],"many":[14],"applications.":[15],"Revealing":[16],"its":[17],"structure":[18,71],"or":[19],"weights":[20,89],"would":[21],"leak":[22],"confidential":[23,117],"information.":[24],"In":[25],"this":[26,103],"paper":[27],"we":[28],"present":[29],"novel":[30],"reverse-engineering":[31],"attacks":[32],"on":[33,36,85],"CNNs":[34],"running":[35],"hardware":[38],"accelerator,":[39],"where":[40],"an":[41],"adversary":[42,65],"can":[43,66],"feed":[44],"inputs":[45],"to":[46,114],"the":[47,51,64,68,74,82,86,106],"accelerator":[48,93],"and":[49,76],"observe":[50],"resulting":[52],"off-chip":[53,99,110],"memory":[54,75,100,111],"accesses.":[55,101],"Our":[56],"study":[57],"shows":[58],"that":[59],"even":[60],"with":[61],"data":[62],"encryption,":[63],"infer":[67],"underlying":[69],"by":[72],"exploiting":[73],"timing":[77],"side-channels.":[78],"We":[79],"further":[80],"identify":[81],"information":[83],"leakage":[84],"values":[87],"when":[90],"CNN":[92,118],"performs":[94],"dynamic":[95],"zero":[96],"pruning":[97],"for":[98],"Overall,":[102],"work":[104],"reveals":[105],"importance":[107],"hiding":[109],"access":[112],"pattern":[113],"truly":[115],"protect":[116],"models.":[119]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":13},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":12},{"year":2021,"cited_by_count":49},{"year":2020,"cited_by_count":37},{"year":2019,"cited_by_count":16},{"year":2018,"cited_by_count":7}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}