How to fool a black box machine learning based side-channel security evaluation

Ouytsel, Charles-Henry Bertrand Van; Bronchain, Olivier; Cassiers, Gaëtan; Standaert, François‐Xavier

doi:10.1007/s12095-021-00479-x

Cited by 3 publications

(1 citation statement)

References 34 publications

(34 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Deep learning often tends to make incorrect over-confident predictions on noisy/distorted data [5]. Furthermore, their "black-box" nature makes it extremely difficult to audit their decisions [6], [7].…”

Section: Introductionmentioning

confidence: 99%

Similarity-based Deep Neural Network to Detect Imperceptible Adversarial Attacks

Soares

Angelov

Suri

2022

2022 IEEE Symposium Series on Computational Intelligence (SSCI)

View full text Add to dashboard Cite

Deep neural networks (DNN's) have become essential for solving diverse complex problems and have achieved considerable success in tackling computer vision tasks. However, DNN's are vulnerable to human-imperceptible adversarial distortion/noise patterns that can detrimentally impact safetycritical applications such as autonomous driving. In this paper, we introduce a novel robust-by-design deep learning approach, Si m-DNN, that is able to detect adversarial attacks through its inner defense mechanism that considers the degree of similarity between new data samples and autonomously chosen prototypes. The approach benefits from the abrupt drop of the similarity score to detect concept changes caused by distorted/noise data when comparing their similarities against the set of prototypes. Due to the feed-forward prototypebased architecture of Si m-DNN, no re-training or adversarial training is required. In order to evaluate the robustness of the proposed method, we considered the recently introduced ImageNet-R dataset and different adversarial attack methods such as FGSM, PGD, and DDN. Different DNN's methods were also considered in the analysis. Results have shown that the proposed Si m-DNN is able to detect adversarial attacks with better performance than its mainstream competitors. Moreover, as no adversarial training is required by Si m-DNN, its performance on clean and robust images is more stable than its competitors which require an external defense mechanism to improve their robustness.

show abstract

Section: Introductionmentioning

confidence: 99%

Similarity-based Deep Neural Network to Detect Imperceptible Adversarial Attacks

Soares

Angelov

Suri

2022

2022 IEEE Symposium Series on Computational Intelligence (SSCI)

View full text Add to dashboard Cite

show abstract

Reinforcement Learning-Based Design of Side-Channel Countermeasures

Rijsdijk

Perin

2022

Security, Privacy, and Applied Cryptography Engineering

View full text Add to dashboard Cite

Deep learning-based side-channel attacks are capable of breaking targets protected with countermeasures. The constant progress in the last few years makes the attacks more powerful, requiring fewer traces to break a target. Unfortunately, to protect against such attacks, we still rely solely on methods developed to protect against generic attacks. The works considering the protection perspective are few and usually based on the adversarial examples concepts, which are not always easy to translate to real-world hardware implementations.In this work, we ask whether we can develop combinations of countermeasures that protect against side-channel attacks. We consider several widely adopted hiding countermeasures and use the reinforcement learning paradigm to design specific countermeasures that show resilience against deep learning-based side-channel attacks. Our results show that it is possible to significantly enhance the target resilience to a point where deep learning-based attacks cannot obtain secret information. At the same time, we consider the cost of implementing such countermeasures to balance security and implementation costs. The optimal countermeasure combinations can serve as development guidelines for real-world hardware/software-based protection schemes.

show abstract