Effectiveness of a Timing Side Channel for Deriving Neural Network Depth

Author

Matthew P. Weeks

Date of Award

3-2023

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Scott R. Graham, PhD

Abstract

From facial recognition on cell phones to vehicle traffic modeling for city planning, integrating ML models can be an expensive investment in resources. Protecting that investment is difficult, as information about the model and how it was built can be leaked through multiple channels, such as timing and memory access. In this thesis, one method of extracting data through a timing side-channel is examined across multiple hardware and software configurations to determine its reliability for general use. While attempting to determine the layer count of a target model solely from its inference time, the research determined that it is not reliable under all circumstances primarily due to hardware and software optimizations. These optimizations tend to change the variance of inference times for models of a given layer count, which obscures the expected monotonic relationship between the two variables.

AFIT Designator

AFIT-ENG-MS-23-M-068

Comments

Approved for public release: 88ABW-2023-0286

A 12-month embargo was observed.

Recommended Citation

Weeks, Matthew P., "Effectiveness of a Timing Side Channel for Deriving Neural Network Depth" (2023). Theses and Dissertations. 6943.
https://scholar.afit.edu/etd/6943