Deep neural networks are becoming popular and important assets of many AI companies. However, recent studies indicate that they are also vulnerable to adversarial attacks. Adversarial attacks can be either white-box or black-box. The white-box attacks assume full knowledge of the models while the black-box ones assume none. In general, revealing more internal information can enable much more powerful and efficient attacks. However, in most real-world applications, the internal information of embedded AI devices is unavailable, i.e., they are black-box. Therefore, in this work, we propose a side-channel information based technique to reveal the internal information of black-box models. Specifically, we have made the following contributions: (1) we are the first to use side-channel information to reveal internal network architecture in embedded devices; (2) we are the first to construct models for internal parameter estimation; and (3) we validate our methods on real-world devices and applications. The experimental results show that our method can achieve 96.50% accuracy on average. Such results suggest that we should pay strong attention to the security problem of many AI applications, and further propose corresponding defensive strategies in the future.
Index Terms: Deep learning, machine learning, model identification, side-channel attack, adversarial attacks.
Passive indoor localization techniques can have many important applications. They are nonintrusive and do not require users to carry measuring devices. Therefore, indoor localization techniques are widely used in many critical areas, such as security, logistics, healthcare, etc. However, because of the unpredictable indoor environment dynamics, the existing nonintrusive indoor localization techniques can be quite inaccurate, which greatly limits their real-world applications. To address those problems, in this work, we develop a channel state information (CSI) based indoor localization technique. Unlike the existing methods, we employ both the intra-subcarrier statistics features and the inter-subcarrier network features. Specifically, we make the following contributions: (1) we design a novel passive indoor localization algorithm which combines the statistics and network features; (2) we modify the visibility graph (VG) technique to build complex networks for the indoor localization applications; and (3) we demonstrate the effectiveness of our technique using real-world deployments. The experimental results show that our technique can achieve about 96% accuracy on average and is more than 9% better than the state-of-the-art techniques.