{"id":"https://openalex.org/W4388887500","doi":"https://doi.org/10.1145/3605764.3623903","title":"When Side-Channel Attacks Break the Black-Box Property of Embedded Artificial Intelligence","display_name":"When Side-Channel Attacks Break the Black-Box Property of Embedded Artificial Intelligence","publication_year":2023,"publication_date":"2023-11-21","ids":{"openalex":"https://openalex.org/W4388887500","doi":"https://doi.org/10.1145/3605764.3623903"},"language":"en","primary_location":{"id":"doi:10.1145/3605764.3623903","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3605764.3623903","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2311.14005","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5093313317","display_name":"Beno\u00eet Coqueret","orcid":"https://orcid.org/0009-0006-1539-4702"},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en sciences et technologies du num\u00e9rique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"government","lineage":["https://openalex.org/I1326498283"]},{"id":"https://openalex.org/I2802519937","display_name":"Institut de Recherche en Informatique et Syst\u00e8mes Al\u00e9atoires","ror":"https://ror.org/00myn0z94","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I1326498283","https://openalex.org/I205703379","https://openalex.org/I2802204017","https://openalex.org/I2802519937","https://openalex.org/I28221208","https://openalex.org/I4210127572","https://openalex.org/I4210159245","https://openalex.org/I56067802"]},{"id":"https://openalex.org/I4210140930","display_name":"Thales (France)","ror":"https://ror.org/04emwm605","country_code":"FR","type":"company","lineage":["https://openalex.org/I4210140930"]},{"id":"https://openalex.org/I56067802","display_name":"Universit\u00e9 de Rennes","ror":"https://ror.org/015m7wh34","country_code":"FR","type":"education","lineage":["https://openalex.org/I56067802"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Beno\u00eet Coqueret","raw_affiliation_strings":["Thales ITSEF & University of Rennes, INRIA, IRISA, Toulouse, France"],"raw_orcid":"https://orcid.org/0009-0006-1539-4702","affiliations":[{"raw_affiliation_string":"Thales ITSEF & University of Rennes, INRIA, IRISA, Toulouse, France","institution_ids":["https://openalex.org/I2802519937","https://openalex.org/I4210140930","https://openalex.org/I56067802","https://openalex.org/I1326498283"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028224513","display_name":"Mathieu Carbone","orcid":"https://orcid.org/0009-0002-8539-7512"},"institutions":[{"id":"https://openalex.org/I4210140930","display_name":"Thales (France)","ror":"https://ror.org/04emwm605","country_code":"FR","type":"company","lineage":["https://openalex.org/I4210140930"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Mathieu Carbone","raw_affiliation_strings":["Thales ITSEF, Toulouse, France","Thales SIX GTS France (92230 Gennevilliers - France)"],"raw_orcid":"https://orcid.org/0009-0002-8539-7512","affiliations":[{"raw_affiliation_string":"Thales ITSEF, Toulouse, France","institution_ids":["https://openalex.org/I4210140930"]},{"raw_affiliation_string":"Thales SIX GTS France (92230 Gennevilliers - France)","institution_ids":["https://openalex.org/I4210140930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012353019","display_name":"Olivier Sentieys","orcid":"https://orcid.org/0000-0003-4334-6418"},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en sciences et technologies du num\u00e9rique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"government","lineage":["https://openalex.org/I1326498283"]},{"id":"https://openalex.org/I2802519937","display_name":"Institut de Recherche en Informatique et Syst\u00e8mes Al\u00e9atoires","ror":"https://ror.org/00myn0z94","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I1326498283","https://openalex.org/I205703379","https://openalex.org/I2802204017","https://openalex.org/I2802519937","https://openalex.org/I28221208","https://openalex.org/I4210127572","https://openalex.org/I4210159245","https://openalex.org/I56067802"]},{"id":"https://openalex.org/I56067802","display_name":"Universit\u00e9 de Rennes","ror":"https://ror.org/015m7wh34","country_code":"FR","type":"education","lineage":["https://openalex.org/I56067802"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Olivier Sentieys","raw_affiliation_strings":["University of Rennes, INRIA, IRISA, Rennes, France"],"raw_orcid":"https://orcid.org/0000-0003-4334-6418","affiliations":[{"raw_affiliation_string":"University of Rennes, INRIA, IRISA, Rennes, France","institution_ids":["https://openalex.org/I2802519937","https://openalex.org/I56067802","https://openalex.org/I1326498283"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5009315520","display_name":"Gabriel Zaid","orcid":null},"institutions":[{"id":"https://openalex.org/I4210140930","display_name":"Thales (France)","ror":"https://ror.org/04emwm605","country_code":"FR","type":"company","lineage":["https://openalex.org/I4210140930"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Gabriel Zaid","raw_affiliation_strings":["Thales ITSEF, Toulouse, France","Thales SIX GTS France (92230 Gennevilliers - France)"],"raw_orcid":"https://orcid.org/0000-0002-4143-6287","affiliations":[{"raw_affiliation_string":"Thales ITSEF, Toulouse, France","institution_ids":["https://openalex.org/I4210140930"]},{"raw_affiliation_string":"Thales SIX GTS France (92230 Gennevilliers - France)","institution_ids":["https://openalex.org/I4210140930"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5093313317"],"corresponding_institution_ids":["https://openalex.org/I1326498283","https://openalex.org/I2802519937","https://openalex.org/I4210140930","https://openalex.org/I56067802"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.15460388,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"127","last_page":"138"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9937999844551086,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9891999959945679,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7491020560264587},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6570471525192261},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.6467086672782898},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.5224041938781738},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.508948564529419},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4700518846511841},{"id":"https://openalex.org/keywords/channel","display_name":"Channel (broadcasting)","score":0.4585430920124054},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.4379206895828247},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3561664819717407},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.29533451795578003},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.1600634753704071}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7491020560264587},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6570471525192261},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.6467086672782898},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.5224041938781738},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.508948564529419},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4700518846511841},{"id":"https://openalex.org/C127162648","wikidata":"https://www.wikidata.org/wiki/Q16858953","display_name":"Channel (broadcasting)","level":2,"score":0.4585430920124054},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.4379206895828247},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3561664819717407},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.29533451795578003},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.1600634753704071}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3605764.3623903","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3605764.3623903","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2311.14005","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2311.14005","pdf_url":"https://arxiv.org/pdf/2311.14005","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:HAL:hal-04320434v1","is_oa":true,"landing_page_url":"https://hal.science/hal-04320434","pdf_url":"https://hal.science/hal-04320434v1/file/AISEC_2023_final_hal_version.pdf","source":{"id":"https://openalex.org/S4406922461","display_name":"SPIRE - Sciences Po Institutional REpository","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"AISec 2023 - 16th ACM Workshop on Artificial Intelligence and Security, Nov 2023, Copenhagen, Denmark. pp.127-138, ⟨10.1145/3605764.3623903⟩","raw_type":"Conference papers"},{"id":"pmh:oai:HAL:hal-04785343v1","is_oa":true,"landing_page_url":"https://hal.science/hal-04785343","pdf_url":null,"source":{"id":"https://openalex.org/S4406922461","display_name":"SPIRE - Sciences Po Institutional REpository","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ESSAI 2024 - 1st edition European Symposium on Security and Artificial Intelligence (ESSAI), Nov 2024, Rennes, France","raw_type":"Conference papers"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2311.14005","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2311.14005","pdf_url":"https://arxiv.org/pdf/2311.14005","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4388887500.pdf","grobid_xml":"https://content.openalex.org/works/W4388887500.grobid-xml"},"referenced_works_count":57,"referenced_works":["https://openalex.org/W249674870","https://openalex.org/W846519969","https://openalex.org/W1412796964","https://openalex.org/W1522301498","https://openalex.org/W1607006990","https://openalex.org/W1673923490","https://openalex.org/W1774054610","https://openalex.org/W1821462560","https://openalex.org/W1945616565","https://openalex.org/W2051267297","https://openalex.org/W2112796928","https://openalex.org/W2180612164","https://openalex.org/W2350778671","https://openalex.org/W2556867355","https://openalex.org/W2565125333","https://openalex.org/W2594163571","https://openalex.org/W2743361889","https://openalex.org/W2746600820","https://openalex.org/W2746796098","https://openalex.org/W2786104118","https://openalex.org/W2810611310","https://openalex.org/W2883285025","https://openalex.org/W2907463061","https://openalex.org/W2912918068","https://openalex.org/W2914422142","https://openalex.org/W2914572864","https://openalex.org/W2953384591","https://openalex.org/W2963037989","https://openalex.org/W2963062382","https://openalex.org/W2963070423","https://openalex.org/W2963446712","https://openalex.org/W2963542245","https://openalex.org/W2963857521","https://openalex.org/W2964318098","https://openalex.org/W2965565691","https://openalex.org/W2990296674","https://openalex.org/W2991873520","https://openalex.org/W3012561096","https://openalex.org/W3025224414","https://openalex.org/W3027631056","https://openalex.org/W3046856047","https://openalex.org/W3106412272","https://openalex.org/W3213793813","https://openalex.org/W4242053016","https://openalex.org/W4285815767","https://openalex.org/W4288117700","https://openalex.org/W4295312788","https://openalex.org/W4297775537","https://openalex.org/W4308829891","https://openalex.org/W4318337940","https://openalex.org/W4318464963","https://openalex.org/W4320013936","https://openalex.org/W4320147968","https://openalex.org/W4380085683","https://openalex.org/W4386585702","https://openalex.org/W4387185380","https://openalex.org/W6912314808"],"related_works":["https://openalex.org/W2950183588","https://openalex.org/W3080754722","https://openalex.org/W3093978547","https://openalex.org/W2953536436","https://openalex.org/W3009622996","https://openalex.org/W3203790781","https://openalex.org/W4313346231","https://openalex.org/W2738001131","https://openalex.org/W4285785480","https://openalex.org/W2997056298"],"abstract_inverted_index":{"Artificial":[0],"intelligence,":[1],"and":[2,45,150,177],"specifically":[3],"deep":[4],"neural":[5,102,186],"networks":[6],"(DNNs),":[7],"has":[8,30,95,125],"rapidly":[9],"emerged":[10],"in":[11,56,82],"the":[12,16,61,67,70,90,93,98,101,105,108,123,129,144,164,175,184,196,214,217],"past":[13],"decade":[14],"as":[15,203],"standard":[17],"for":[18,166,207],"several":[19],"tasks":[20],"from":[21],"specific":[22],"advertising":[23],"to":[24,34,52,59,66,78,97,128,162,173,182],"object":[25],"detection.":[26],"The":[27],"performance":[28],"offered":[29],"led":[31],"DNN":[32],"algorithms":[33],"become":[35],"a":[36,57,117,155,167,204],"part":[37],"of":[38,100,107,191,198],"critical":[39],"embedded":[40],"systems,":[41],"requiring":[42,212],"both":[43],"efficiency":[44],"reliability.":[46],"In":[47,112,131],"particular,":[48,132],"DNNs":[49],"are":[50],"subject":[51],"malicious":[53],"examples":[54,181],"designed":[55],"way":[58],"fool":[60,183],"network":[62],"while":[63],"being":[64],"undetectable":[65],"human":[68],"observer:":[69],"adversarial":[71,180,192],"examples.":[72],"While":[73],"previous":[74],"studies":[75],"propose":[76,134],"frameworks":[77,211],"implement":[79],"such":[80],"attacks":[81],"black":[83,110,119],"box":[84,120],"settings,":[85],"those":[86],"often":[87],"rely":[88],"on":[89],"hypothesis":[91],"that":[92,158],"attacker":[94,124,172],"access":[96,127],"logits":[99,165,199,215],"network,":[103],"breaking":[104],"assumption":[106],"traditional":[109],"box.":[111],"this":[113,140,189],"paper,":[114],"we":[115,133,194],"investigate":[116],"real":[118],"scenario":[121],"where":[122],"no":[126],"logits.":[130,145],"an":[135,171],"architecture-agnostic":[136],"attack":[137,157,210],"which":[138],"solve":[139],"constraint":[141],"by":[142,153],"extracting":[143],"Our":[146],"method":[147],"combines":[148],"hardware":[149],"software":[151],"attacks,":[152],"performing":[154],"side-channel":[156,202],"exploits":[159],"electromagnetic":[160],"leakages":[161],"extract":[163],"given":[168],"input,":[169],"allowing":[170],"estimate":[174],"gradients":[176],"produce":[178],"state-of-the-art":[179],"targeted":[185],"network.":[187],"Through":[188],"example":[190],"attack,":[193],"demonstrate":[195],"effectiveness":[197],"extraction":[200],"using":[201],"first":[205],"step":[206],"more":[208],"general":[209],"either":[213],"or":[216],"confidence":[218],"scores.":[219]},"counts_by_year":[],"updated_date":"2026-05-04T08:30:34.212998","created_date":"2025-10-10T00:00:00"}