{"id":"https://openalex.org/W3083428176","doi":"https://doi.org/10.1145/3386263.3409104","title":"Securing Machine Learning Architectures and Systems","display_name":"Securing Machine Learning Architectures and Systems","publication_year":2020,"publication_date":"2020-09-04","ids":{"openalex":"https://openalex.org/W3083428176","doi":"https://doi.org/10.1145/3386263.3409104","mag":"3083428176"},"language":"en","primary_location":{"id":"doi:10.1145/3386263.3409104","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3386263.3409104","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 on Great Lakes Symposium on VLSI","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5056623842","display_name":"Shirin HajiAmin Shirazi","orcid":null},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shirin HajiAmin Shirazi","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081598692","display_name":"Hoda Naghibijouybari","orcid":"https://orcid.org/0000-0003-0468-3032"},"institutions":[{"id":"https://openalex.org/I123946342","display_name":"Binghamton University","ror":"https://ror.org/008rmbt77","country_code":"US","type":"education","lineage":["https://openalex.org/I123946342"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hoda Naghibijouybari","raw_affiliation_strings":["Binghamton University, Binghamton, NY, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Binghamton University, Binghamton, NY, USA","institution_ids":["https://openalex.org/I123946342"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059614371","display_name":"Nael Abu\u2010Ghazaleh","orcid":"https://orcid.org/0000-0002-9485-5370"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nael Abu-Ghazaleh","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.2708,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.64594862,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"499","last_page":"506"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7210915088653564},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3445582389831543},{"id":"https://openalex.org/keywords/computer-architecture","display_name":"Computer architecture","score":0.3220779299736023}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7210915088653564},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3445582389831543},{"id":"https://openalex.org/C118524514","wikidata":"https://www.wikidata.org/wiki/Q173212","display_name":"Computer architecture","level":1,"score":0.3220779299736023}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3386263.3409104","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3386263.3409104","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 on Great Lakes Symposium on VLSI","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G5907495320","display_name":null,"funder_award_id":"CNS-1619450","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":61,"referenced_works":["https://openalex.org/W1473189865","https://openalex.org/W1716219110","https://openalex.org/W1934458198","https://openalex.org/W1976075132","https://openalex.org/W2014182302","https://openalex.org/W2080592089","https://openalex.org/W2151298633","https://openalex.org/W2152839228","https://openalex.org/W2156484396","https://openalex.org/W2157116240","https://openalex.org/W2243397390","https://openalex.org/W2285181575","https://openalex.org/W2404948481","https://openalex.org/W2460937040","https://openalex.org/W2518281301","https://openalex.org/W2535690855","https://openalex.org/W2560674852","https://openalex.org/W2561498661","https://openalex.org/W2591675147","https://openalex.org/W2603766943","https://openalex.org/W2612708909","https://openalex.org/W2618043096","https://openalex.org/W2619203976","https://openalex.org/W2620387295","https://openalex.org/W2746600820","https://openalex.org/W2766210752","https://openalex.org/W2766613627","https://openalex.org/W2771112233","https://openalex.org/W2774423163","https://openalex.org/W2792738181","https://openalex.org/W2883613460","https://openalex.org/W2883929540","https://openalex.org/W2887712657","https://openalex.org/W2889402930","https://openalex.org/W2891810898","https://openalex.org/W2899861195","https://openalex.org/W2905810301","https://openalex.org/W2913104037","https://openalex.org/W2946363484","https://openalex.org/W2950048339","https://openalex.org/W2950468330","https://openalex.org/W2950959891","https://openalex.org/W2952343783","https://openalex.org/W2962986039","https://openalex.org/W2963070423","https://openalex.org/W2963178695","https://openalex.org/W2963207607","https://openalex.org/W2963311060","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964153729","https://openalex.org/W2988559961","https://openalex.org/W2997532515","https://openalex.org/W3101962329","https://openalex.org/W3104224589","https://openalex.org/W3106412272","https://openalex.org/W4233429846","https://openalex.org/W4242053016","https://openalex.org/W4253012315","https://openalex.org/W4253267708","https://openalex.org/W4289038676"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2478288626","https://openalex.org/W4391913857","https://openalex.org/W2350741829","https://openalex.org/W2530322880"],"abstract_inverted_index":{"Machine":[0,114],"learning":[1,5,82,115],"(ML),":[2],"and":[3,55,62,66,76,92,105,112,146,214,247,257,269],"deep":[4],"in":[6,40],"particular,":[7],"have":[8,35],"become":[9],"a":[10,23,128,156,162,244],"critical":[11],"workload":[12],"as":[13],"they":[14],"are":[15,117],"becoming":[16],"increasingly":[17,48],"applied":[18],"at":[19,64],"the":[20,32,100,131,140,143,153,212,240],"core":[21],"of":[22,26,102,142,155,164,229,243],"wide":[24],"range":[25],"application":[27],"spaces.":[28],"Computer":[29],"systems,":[30,107],"from":[31,192],"architecture":[33],"up,":[34],"been":[36],"impacted":[37],"by":[38,173],"ML":[39,45,68,104,169,200,264],"two":[41],"primary":[42],"directions:":[43],"(1)":[44],"is":[46,171],"an":[47,178,227],"important":[49],"computing":[50,106],"workload,":[51],"with":[52,79,189,208],"new":[53,80,120],"accelerators":[54],"systems":[56,86,116,258],"targeted":[57],"to":[58,87,119,126,130,138,151,180,211,238,262],"support":[59],"both":[60,73,109],"training":[61,144],"inference":[63,135],"scale;":[65],"(2)":[67],"supporting":[69,168],"computer":[70],"system":[71],"decisions,":[72],"during":[74],"design":[75],"run":[77],"times,":[78],"machine":[81],"based":[83,201],"algorithms":[84],"controlling":[85],"optimize":[88],"their":[89],"performance,":[90],"reliability":[91],"robustness.":[93],"In":[94],"this":[95],"paper,":[96],"we":[97,186,197,216,225,253],"will":[98,187],"explore":[99],"intersection":[101],"security,":[103],"identifying":[108],"security":[110],"challenges":[111],"opportunities.":[113],"vulnerable":[118],"attacks":[121,124,136,149,166,233],"including":[122],"adversarial":[123,209,268],"crafted":[125],"fool":[127],"classifier":[129],"attacker's":[132],"advantage,":[133],"membership":[134],"attempting":[137],"compromise":[139],"privacy":[141],"data,":[145],"model":[147],"extraction":[148],"seeking":[150],"recover":[152],"hyperparameters":[154],"(secret)":[157],"model.":[158],"Architecture":[159],"can":[160,205,217,235,259],"be":[161,206,236,260],"target":[163],"these":[165,222],"when":[167],"(or":[170],"supported":[172],"ML),":[174],"but":[175],"also":[176],"provides":[177],"opportunity":[179],"develop":[181,218],"defenses":[182,249],"against":[183,250,267],"them,":[184],"which":[185],"illustrate":[188],"three":[190],"examples":[191],"our":[193],"recent":[194],"work.":[195],"First,":[196],"show":[198,226],"how":[199,215,255],"hardware":[202,256],"malware":[203],"detectors":[204,219],"attacked":[207],"perturbations":[210],"Malware":[213],"that":[220,234],"resist":[221],"attacks.":[223,271],"Second,":[224],"example":[228],"microarchitectural":[230],"side":[231],"channel":[232],"used":[237,261],"extract":[239],"secret":[241],"parameters":[242],"neural":[245],"network":[246],"potential":[248],"it.":[251],"Finally,":[252],"discuss":[254],"make":[263],"more":[265],"robust":[266],"other":[270]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}