{"id":"https://openalex.org/W4412438882","doi":"https://doi.org/10.1145/3709017.3737712","title":"Extracting Proxy Models from Side-Channel Insights to Enhance Adversarial Attacks on Black-Box DNNs","display_name":"Extracting Proxy Models from Side-Channel Insights to Enhance Adversarial Attacks on Black-Box DNNs","publication_year":2025,"publication_date":"2025-07-15","ids":{"openalex":"https://openalex.org/W4412438882","doi":"https://doi.org/10.1145/3709017.3737712"},"language":"en","primary_location":{"id":"doi:10.1145/3709017.3737712","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3709017.3737712","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 11th ACM Cyber-Physical System Security Workshop","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3709017.3737712","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5081321020","display_name":"Srivatsan Chandrasekar","orcid":"https://orcid.org/0000-0002-0236-8533"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Srivatsan Chandrasekar","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-0236-8533","affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118993033","display_name":"Likith Anaparty","orcid":null},"institutions":[{"id":"https://openalex.org/I4210113248","display_name":"Indian Institute of Technology Palakkad","ror":"https://ror.org/0264cg909","country_code":"IN","type":"facility","lineage":["https://openalex.org/I4210113248"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Likith Anaparty","raw_affiliation_strings":["Indian Institute of Technology, Palakkad, Kerala, India"],"raw_orcid":"https://orcid.org/0009-0006-6248-0830","affiliations":[{"raw_affiliation_string":"Indian Institute of Technology, Palakkad, Kerala, India","institution_ids":["https://openalex.org/I4210113248"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002694277","display_name":"Siew-Kei Lam","orcid":"https://orcid.org/0000-0002-8346-2635"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Siew-Kei Lam","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-8346-2635","affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033371948","display_name":"Vivek Chaturvedi","orcid":"https://orcid.org/0000-0003-1358-0107"},"institutions":[{"id":"https://openalex.org/I4210113248","display_name":"Indian Institute of Technology Palakkad","ror":"https://ror.org/0264cg909","country_code":"IN","type":"facility","lineage":["https://openalex.org/I4210113248"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Vivek Chaturvedi","raw_affiliation_strings":["Indian Institute of Technology, Palakkad, Kerala, India"],"raw_orcid":"https://orcid.org/0000-0003-1358-0107","affiliations":[{"raw_affiliation_string":"Indian Institute of Technology, Palakkad, Kerala, India","institution_ids":["https://openalex.org/I4210113248"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5081321020"],"corresponding_institution_ids":["https://openalex.org/I172675005"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.08160459,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"52","last_page":"63"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9728000164031982,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9696999788284302,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/proxy","display_name":"Proxy (statistics)","score":0.7923039197921753},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7835574150085449},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.7060995697975159},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6773502230644226},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.6441962718963623},{"id":"https://openalex.org/keywords/channel","display_name":"Channel (broadcasting)","score":0.4893428683280945},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3750758767127991},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.30228951573371887},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.19808050990104675},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.19806748628616333},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.14958086609840393}],"concepts":[{"id":"https://openalex.org/C2780148112","wikidata":"https://www.wikidata.org/wiki/Q1432581","display_name":"Proxy (statistics)","level":2,"score":0.7923039197921753},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7835574150085449},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.7060995697975159},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6773502230644226},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.6441962718963623},{"id":"https://openalex.org/C127162648","wikidata":"https://www.wikidata.org/wiki/Q16858953","display_name":"Channel (broadcasting)","level":2,"score":0.4893428683280945},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3750758767127991},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.30228951573371887},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.19808050990104675},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.19806748628616333},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.14958086609840393}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3709017.3737712","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3709017.3737712","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 11th ACM Cyber-Physical System Security Workshop","raw_type":"proceedings-article"},{"id":"pmh:oai:dr.ntu.edu.sg:10356/201977","is_oa":false,"landing_page_url":"https://hdl.handle.net/10356/201977","pdf_url":null,"source":{"id":"https://openalex.org/S4306402609","display_name":"DR-NTU (Nanyang Technological University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172675005","host_organization_name":"Nanyang Technological University","host_organization_lineage":["https://openalex.org/I172675005"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":null,"raw_type":"Conference Paper"}],"best_oa_location":{"id":"doi:10.1145/3709017.3737712","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3709017.3737712","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 11th ACM Cyber-Physical System Security Workshop","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1992787530","https://openalex.org/W2094691152","https://openalex.org/W2108598243","https://openalex.org/W2131728778","https://openalex.org/W2187013920","https://openalex.org/W2194775991","https://openalex.org/W2603766943","https://openalex.org/W2774018344","https://openalex.org/W2774644650","https://openalex.org/W2809523935","https://openalex.org/W2962856739","https://openalex.org/W2963163009","https://openalex.org/W2969695741","https://openalex.org/W3008388281","https://openalex.org/W3091214985","https://openalex.org/W3102836279","https://openalex.org/W3140854437","https://openalex.org/W3158874989","https://openalex.org/W3194922745","https://openalex.org/W3207691711","https://openalex.org/W4292762229","https://openalex.org/W4294691467","https://openalex.org/W4367368092","https://openalex.org/W4386081609","https://openalex.org/W4387735260","https://openalex.org/W4390284886"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W2482350142","https://openalex.org/W4246396837","https://openalex.org/W3126451824","https://openalex.org/W1561927205","https://openalex.org/W3191453585","https://openalex.org/W4297672492","https://openalex.org/W4310988119","https://openalex.org/W4285226279","https://openalex.org/W3009622996"],"abstract_inverted_index":{"Side-channel":[0],"information":[1,53],"leakage":[2],"can":[3],"be":[4],"exploited":[5],"to":[6,26,45,71,84,87,118,124,136,141,156,194],"reverse":[7],"engineer":[8],"critical":[9],"architectural":[10,52],"details":[11,25],"of":[12,54,60,92,134],"a":[13,19,28,33,42,181],"target":[14,96,107,126,148,176],"DNN":[15,55,97],"model":[16,177],"executing":[17],"on":[18],"hardware":[20],"accelerator.":[21],"However,":[22],"using":[23,103,150],"these":[24,85],"apply":[27],"practical":[29],"adversarial":[30,89,131,153,171,191,200],"attack":[31],"remains":[32],"significant":[34],"challenge.":[35],"In":[36],"this":[37,77],"paper,":[38],"we":[39,68,129],"first":[40],"introduce":[41],"novel":[43],"approach":[44],"analyze":[46],"side-channel":[47],"data":[48],"and":[49,63,109,138],"extract":[50],"detailed":[51],"models,":[56,108,159],"including":[57],"accurate":[58],"prediction":[59],"layer":[61],"hyperparameters":[62],"inter-layer":[64],"skip":[65],"connections.":[66],"Next,":[67],"develop":[69],"techniques":[70,102],"construct":[72],"effective":[73],"proxy":[74,114,185],"models":[75,115,149,186,197],"from":[76],"information.":[78],"We":[79,99],"then":[80],"leverage":[81],"white-box":[82],"access":[83],"proxies":[86],"generate":[88,187],"examples":[90,192],"capable":[91],"effectively":[93],"deceiving":[94],"the":[95,112,125,147,151,175],"model.":[98],"illustrate":[100],"our":[101,160,184],"popular":[104],"DNNs":[105],"as":[106,165,167],"demonstrate":[110],"that":[111],"constructed":[113],"achieve":[116,130],"up":[117,135,140],"89.8%":[119],"similarity":[120],"in":[121,144,146,169,198],"performance":[122],"compared":[123,193],"models.":[127],"Furthermore,":[128],"transferability":[132,163],"rates":[133],"72.34%":[137],"induce":[139],"60.4%":[142],"drop":[143],"accuracy":[145],"crafted":[152],"images.":[154],"Compared":[155],"off-the-shelf":[157],"substitute":[158,196],"method":[161],"improves":[162],"by":[164,180],"much":[166],"30%":[168],"untargeted":[170,199],"attacks.":[172,201],"Even":[173],"when":[174],"is":[178],"protected":[179],"state-of-the-art":[182],"denoiser,":[183],"5.5%":[188],"more":[189],"transferable":[190],"other":[195]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}