{"id":"https://openalex.org/W4405182415","doi":"https://doi.org/10.1145/3658644.3690241","title":"DeepCache: Revisiting Cache Side-Channel Attacks in Deep Neural Networks Executables","display_name":"DeepCache: Revisiting Cache Side-Channel Attacks in Deep Neural Networks Executables","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405182415","doi":"https://doi.org/10.1145/3658644.3690241"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690241","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690241","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690241","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690241","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100748265","display_name":"Zhibo Liu","orcid":"https://orcid.org/0000-0001-9210-156X"},"institutions":[{"id":"https://openalex.org/I200769079","display_name":"Hong Kong University of Science and Technology","ror":"https://ror.org/00q4vv597","country_code":"HK","type":"education","lineage":["https://openalex.org/I200769079"]}],"countries":["HK"],"is_corresponding":true,"raw_author_name":"Zhibo Liu","raw_affiliation_strings":["The Hong Kong University of Science and Technology Hong Kong, China"],"affiliations":[{"raw_affiliation_string":"The Hong Kong University of Science and Technology Hong Kong, China","institution_ids":["https://openalex.org/I200769079"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024293177","display_name":"Yuanyuan Yuan","orcid":"https://orcid.org/0000-0002-3053-8923"},"institutions":[{"id":"https://openalex.org/I200769079","display_name":"Hong Kong University of Science and Technology","ror":"https://ror.org/00q4vv597","country_code":"HK","type":"education","lineage":["https://openalex.org/I200769079"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Yuanyuan Yuan","raw_affiliation_strings":["The Hong Kong University of Science and Technology Hong Kong, China"],"affiliations":[{"raw_affiliation_string":"The Hong Kong University of Science and Technology Hong Kong, China","institution_ids":["https://openalex.org/I200769079"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114831628","display_name":"Yanzuo Chen","orcid":"https://orcid.org/0009-0003-4633-8103"},"institutions":[{"id":"https://openalex.org/I200769079","display_name":"Hong Kong University of Science and Technology","ror":"https://ror.org/00q4vv597","country_code":"HK","type":"education","lineage":["https://openalex.org/I200769079"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Yanzuo Chen","raw_affiliation_strings":["The Hong Kong University of Science and Technology Hong Kong, China"],"affiliations":[{"raw_affiliation_string":"The Hong Kong University of Science and Technology Hong Kong, China","institution_ids":["https://openalex.org/I200769079"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109638257","display_name":"Sihang Hu","orcid":null},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Sihang Hu","raw_affiliation_strings":["Huawei Technologies Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"Huawei Technologies Shenzhen, China","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101785031","display_name":"Tianxiang Li","orcid":"https://orcid.org/0009-0006-6763-144X"},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tianxiang Li","raw_affiliation_strings":["Huawei Technologies Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"Huawei Technologies Shenzhen, China","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100328264","display_name":"Shuai Wang","orcid":"https://orcid.org/0000-0002-0866-0308"},"institutions":[{"id":"https://openalex.org/I200769079","display_name":"Hong Kong University of Science and Technology","ror":"https://ror.org/00q4vv597","country_code":"HK","type":"education","lineage":["https://openalex.org/I200769079"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Shuai Wang","raw_affiliation_strings":["The Hong Kong University of Science and Technology Hong Kong, China"],"affiliations":[{"raw_affiliation_string":"The Hong Kong University of Science and Technology Hong Kong, China","institution_ids":["https://openalex.org/I200769079"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100748265"],"corresponding_institution_ids":["https://openalex.org/I200769079"],"apc_list":null,"apc_paid":null,"fwci":1.0785,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.82470342,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"4495","last_page":"4508"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9912999868392944,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8491251468658447},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.7885976433753967},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.7139606475830078},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.6775033473968506},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5830985307693481},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.5189542770385742},{"id":"https://openalex.org/keywords/parallel-computing","display_name":"Parallel computing","score":0.4638614058494568},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.4585198760032654},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.4579258859157562},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.42557772994041443},{"id":"https://openalex.org/keywords/computer-engineering","display_name":"Computer engineering","score":0.3549010753631592},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3482625484466553},{"id":"https://openalex.org/keywords/computer-architecture","display_name":"Computer architecture","score":0.3248598575592041},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.19012370705604553},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.12840455770492554},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.0976182222366333}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8491251468658447},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.7885976433753967},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.7139606475830078},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.6775033473968506},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5830985307693481},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.5189542770385742},{"id":"https://openalex.org/C173608175","wikidata":"https://www.wikidata.org/wiki/Q232661","display_name":"Parallel computing","level":1,"score":0.4638614058494568},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.4585198760032654},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.4579258859157562},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.42557772994041443},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.3549010753631592},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3482625484466553},{"id":"https://openalex.org/C118524514","wikidata":"https://www.wikidata.org/wiki/Q173212","display_name":"Computer architecture","level":1,"score":0.3248598575592041},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.19012370705604553},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.12840455770492554},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0976182222366333}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3658644.3690241","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690241","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690241","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:repository.hkust.edu.hk:1783.1-147318","is_oa":false,"landing_page_url":"http://repository.hkust.edu.hk/ir/Record/1783.1-147318","pdf_url":null,"source":{"id":"https://openalex.org/S4306401796","display_name":"Rare & Special e-Zone (The Hong Kong University of Science and Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I200769079","host_organization_name":"Hong Kong University of Science and Technology","host_organization_lineage":["https://openalex.org/I200769079"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference paper"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690241","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690241","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690241","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4405182415.pdf","grobid_xml":"https://content.openalex.org/works/W4405182415.grobid-xml"},"referenced_works_count":42,"referenced_works":["https://openalex.org/W1488058190","https://openalex.org/W1903029394","https://openalex.org/W1934458198","https://openalex.org/W2001759130","https://openalex.org/W2013592197","https://openalex.org/W2035091681","https://openalex.org/W2119028650","https://openalex.org/W2135050683","https://openalex.org/W2157116240","https://openalex.org/W2161819186","https://openalex.org/W2300687442","https://openalex.org/W2302098303","https://openalex.org/W2526830364","https://openalex.org/W2535690855","https://openalex.org/W2734941459","https://openalex.org/W2794670651","https://openalex.org/W2795193970","https://openalex.org/W2796933658","https://openalex.org/W2895340898","https://openalex.org/W2906737663","https://openalex.org/W2914630606","https://openalex.org/W2916437501","https://openalex.org/W2996936831","https://openalex.org/W3012221736","https://openalex.org/W3015291177","https://openalex.org/W3015369179","https://openalex.org/W3015685940","https://openalex.org/W3034957837","https://openalex.org/W3081497074","https://openalex.org/W3082305010","https://openalex.org/W3102836279","https://openalex.org/W3114482311","https://openalex.org/W3118164462","https://openalex.org/W3170937175","https://openalex.org/W3170981104","https://openalex.org/W3175818677","https://openalex.org/W3211301023","https://openalex.org/W3213793813","https://openalex.org/W3214691374","https://openalex.org/W4313442384","https://openalex.org/W4318541558","https://openalex.org/W4402263668"],"related_works":["https://openalex.org/W2350278424","https://openalex.org/W2071432835","https://openalex.org/W4239401009","https://openalex.org/W4234371507","https://openalex.org/W1628824497","https://openalex.org/W2357088637","https://openalex.org/W2759596553","https://openalex.org/W3131321414","https://openalex.org/W4212981280","https://openalex.org/W2751059292"],"abstract_inverted_index":{"Deep":[0],"neural":[1],"networks":[2],"(DNN)":[3],"are":[4,63,171],"increasingly":[5],"deployed":[6],"in":[7,162,187,251],"heterogeneous":[8],"hardware,":[9,34,184],"including":[10],"high-performance":[11],"devices":[12,17],"like":[13,18],"GPUs":[14],"and":[15,22,44,88,110,151,226,230,263],"low-power":[16],"mobile/IoT":[19],"CPUs,":[20],"FPGAs,":[21],"accelerators.":[23],"In":[24],"order":[25],"to":[26,79,178,208,233],"unlock":[27],"the":[28,73,140,167,180,223,240,258,264],"full":[29,181],"performance":[30],"potential":[31],"of":[32,75,139,183],"various":[33],"deep":[35],"learning":[36,229],"(DL)":[37],"compilers":[38,177],"automatically":[39],"optimize":[40],"DNN":[41,46,49,61,81,99,105,117,142,163,189,210,214,254],"inference":[42],"computations":[43,53],"compile":[45],"models":[47],"into":[48],"executables":[50,106,118,255],"for":[51],"efficient":[52],"across":[54],"hardware":[55],"backends.":[56],"As":[57],"valuable":[58],"intellectual":[59],"properties,":[60],"architectures":[62,82,212],"one":[64],"primary":[65],"attack":[66,129,160,206,262,273],"target.":[67],"Since":[68],"previous":[69],"works":[70,112],"already":[71],"demonstrate":[72],"abuse":[74],"cache":[76,126,132,191,219,261,271],"side":[77,127,133,204,220],"channels":[78,134,221],"steal":[80],"from":[83,213],"DL":[84,176],"frameworks":[85],"(e.g.,":[86,149],"PyTorch":[87],"TensorFlow),":[89],"we":[90,156],"first":[91],"study":[92],"using":[93,239],"those":[94],"known":[95],"side-channel":[96],"attacks":[97],"against":[98],"executables.":[100,215],"We":[101,199],"find":[102],"that":[103,123,166,244],"attacking":[104,224],"presents":[107],"unique":[108,159],"challenges,":[109],"existing":[111],"can":[113],"hardly":[114],"apply.":[115],"Particularly,":[116],"exhibit":[119],"a":[120,158,248],"standalone":[121],"paradigm":[122],"largely":[124],"reduces":[125],"channel":[128,205],"surfaces.":[130],"Meanwhile,":[131],"capture":[135],"only":[136],"limited":[137],"behaviors":[138],"whole":[141],"execution":[143],"while":[144],"facing":[145],"daunting":[146],"technical":[147],"challenges":[148],"noise":[150],"low":[152],"time":[153],"resolution).":[154],"However,":[155],"unveil":[157],"vector":[161],"executables,":[164],"such":[165],"cache-aware":[168],"optimizations,":[169],"which":[170],"extensively":[172],"employed":[173],"by":[174],"contemporary":[175],"harvest":[179],"potentials":[182],"would":[185],"result":[186],"distinguishable":[188],"operator":[190],"access":[192],"patterns,":[193],"making":[194],"model":[195,211],"architecture":[196],"recovery":[197],"possible.":[198],"propose":[200],"DeepCache,":[201],"an":[202],"end-to-end":[203],"framework,":[207],"infer":[209],"DeepCache":[216,245],"\\":[217,246],"leverages":[218],"as":[222],"primitives":[225],"combines":[227],"contrastive":[228],"anomaly":[231],"detection":[232],"enable":[234],"precise":[235],"inference.":[236],"Our":[237],"evaluation":[238],"standard":[241],"Prime+Probe":[242],"shows":[243],"yields":[247],"high":[249],"accuracy":[250],"exploiting":[252],"complex":[253],"under":[256],"both":[257],"basic":[259],"L1":[260],"more":[265],"practical":[266],"but":[267],"challenging":[268],"last":[269],"level":[270],"(LLC)":[272],"settings.":[274]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2026-03-14T08:43:22.919905","created_date":"2025-10-10T00:00:00"}