{"id":"https://openalex.org/W4383221534","doi":"https://doi.org/10.1145/3579856.3582827","title":"EMShepherd: Detecting Adversarial Samples via Side-channel Leakage","display_name":"EMShepherd: Detecting Adversarial Samples via Side-channel Leakage","publication_year":2023,"publication_date":"2023-07-05","ids":{"openalex":"https://openalex.org/W4383221534","doi":"https://doi.org/10.1145/3579856.3582827"},"language":"en","primary_location":{"id":"doi:10.1145/3579856.3582827","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3579856.3582827","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5027476432","display_name":"Ruyi Ding","orcid":"https://orcid.org/0000-0002-0079-8265"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ruyi Ding","raw_affiliation_strings":["Northeastern University, United States of America"],"raw_orcid":"https://orcid.org/0000-0002-0079-8265","affiliations":[{"raw_affiliation_string":"Northeastern University, United States of America","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045682482","display_name":"Cheng Gongye","orcid":"https://orcid.org/0000-0002-6423-0871"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Cheng Gongye","raw_affiliation_strings":["Northeastern University, United States of America"],"raw_orcid":"https://orcid.org/0000-0002-6423-0871","affiliations":[{"raw_affiliation_string":"Northeastern University, United States of America","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101793161","display_name":"Siyue Wang","orcid":"https://orcid.org/0000-0003-2952-5882"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Siyue Wang","raw_affiliation_strings":["Northeastern University, United States of America"],"raw_orcid":"https://orcid.org/0000-0003-2952-5882","affiliations":[{"raw_affiliation_string":"Northeastern University, United States of America","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071052954","display_name":"A. Adam Ding","orcid":"https://orcid.org/0000-0003-1397-2442"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"A. Adam Ding","raw_affiliation_strings":["Northeastern University, United States of America"],"raw_orcid":"https://orcid.org/0000-0003-1397-2442","affiliations":[{"raw_affiliation_string":"Northeastern University, United States of America","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"last","author":{"id":null,"display_name":"Yunsi Fei","orcid":"https://orcid.org/0000-0002-5169-4044"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yunsi Fei","raw_affiliation_strings":["Northeastern University, United States of America"],"raw_orcid":"https://orcid.org/0000-0002-5169-4044","affiliations":[{"raw_affiliation_string":"Northeastern University, United States of America","institution_ids":["https://openalex.org/I12912129"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5027476432"],"corresponding_institution_ids":["https://openalex.org/I12912129"],"apc_list":null,"apc_paid":null,"fwci":1.7041,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.87267515,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"300","last_page":"313"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.982200026512146,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12495","display_name":"Electrostatic Discharge in Electronics","score":0.968999981880188,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8189908266067505},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7805401086807251},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6843390464782715},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.6573865413665771},{"id":"https://openalex.org/keywords/mnist-database","display_name":"MNIST database","score":0.6523220539093018},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6340887546539307},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.5813271999359131},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.4882552921772003},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.48496103286743164},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.47738736867904663},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.431199848651886},{"id":"https://openalex.org/keywords/white-box","display_name":"White box","score":0.4118573069572449},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.13260763883590698}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8189908266067505},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7805401086807251},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6843390464782715},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.6573865413665771},{"id":"https://openalex.org/C190502265","wikidata":"https://www.wikidata.org/wiki/Q17069496","display_name":"MNIST database","level":3,"score":0.6523220539093018},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6340887546539307},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.5813271999359131},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.4882552921772003},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.48496103286743164},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.47738736867904663},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.431199848651886},{"id":"https://openalex.org/C180932941","wikidata":"https://www.wikidata.org/wiki/Q997233","display_name":"White box","level":2,"score":0.4118573069572449},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.13260763883590698},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3579856.3582827","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3579856.3582827","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7900000214576721}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W1519539754","https://openalex.org/W2045812729","https://openalex.org/W2096451472","https://openalex.org/W2535690855","https://openalex.org/W2892090366","https://openalex.org/W2962710014","https://openalex.org/W2966658324","https://openalex.org/W2998115938","https://openalex.org/W3017135385","https://openalex.org/W3103340107","https://openalex.org/W3153001680","https://openalex.org/W3176482836","https://openalex.org/W3194922745","https://openalex.org/W6774549192"],"related_works":["https://openalex.org/W3048732067","https://openalex.org/W4383468834","https://openalex.org/W2900159906","https://openalex.org/W4384648009","https://openalex.org/W4283221438","https://openalex.org/W4287828318","https://openalex.org/W2406556600","https://openalex.org/W4297846880","https://openalex.org/W4293054861","https://openalex.org/W4324108765"],"abstract_inverted_index":{"Deep":[0],"Neural":[1],"Networks":[2],"(DNN)":[3],"are":[4,54,87,131],"vulnerable":[5],"to":[6,17,107,133,220],"adversarial":[7,122,136,158,189,215],"perturbations":[8],"\u2014":[9],"small":[10],"changes":[11],"crafted":[12],"deliberately":[13],"on":[14,89,116,191,211],"the":[15,19,45,63,77,135,149,160,169,173,221],"input":[16,100],"mislead":[18],"model":[20,64,73,85,112,151,161],"for":[21,29,57,72,121,168,199],"wrong":[22],"predictions.":[23],"Adversarial":[24],"attacks":[25,190],"have":[26],"disastrous":[27],"consequences":[28],"deep":[30,59,196],"learning":[31,60,197],"empowered":[32],"critical":[33],"applications.":[34],"Existing":[35],"defense":[36],"and":[37,49,92,94,118,127,143,172,203],"detection":[38,209],"techniques":[39],"both":[40,90,200],"require":[41],"extensive":[42],"knowledge":[43],"of":[44,83,98,111,140,214],"model,":[46],"testing":[47],"inputs":[48],"even":[50],"execution":[51,162],"details.":[52],"They":[53],"not":[55],"viable":[56],"general":[58],"implementations":[61],"where":[62],"internal":[65],"is":[66,153,218],"unknown,":[67],"a":[68,84,104,138,192,208],"common":[69],"\u2018black-box\u2019":[70],"scenario":[71],"users.":[74],"Inspired":[75],"by":[76,156],"fact":[78],"that":[79,181],"electromagnetic":[80],"(EM)":[81],"emanations":[82],"inference":[86],"dependent":[88],"operations":[91],"data":[93],"may":[95],"contain":[96],"footprints":[97],"different":[99,165,188],"classes,":[101,171],"we":[102],"propose":[103],"framework,":[105],"EMShepherd,":[106],"capture":[108],"EM":[109,129,141,174],"traces":[110,117,130],"execution,":[113],"perform":[114],"processing":[115],"exploit":[119],"them":[120],"detection.":[123],"Only":[124],"benign":[125],"samples":[126],"their":[128],"used":[132,194],"train":[134],"detector:":[137],"set":[139],"classifiers":[142],"class-specific":[144],"unsupervised":[145],"anomaly":[146],"detectors.":[147,225],"When":[148],"victim":[150],"system":[152],"under":[154],"attack":[155],"an":[157],"example,":[159],"will":[163,176],"be":[164,177],"from":[166],"executions":[167],"known":[170],"trace":[175],"different.":[178],"We":[179],"demonstrate":[180],"our":[182],"air-gapped":[183],"EMShepherd":[184],"can":[185],"effectively":[186],"detect":[187],"commonly":[193],"FPGA":[195],"accelerator":[198],"Fashion":[201],"MNIST":[202],"CIFAR-10":[204],"datasets.":[205],"It":[206],"achieves":[207],"rate":[210],"most":[212],"types":[213],"samples,":[216],"which":[217],"comparable":[219],"state-of-the-art":[222],"\u2018white-box\u2019":[223],"software-based":[224]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}