{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T14:57:10Z","timestamp":1773154630822,"version":"3.50.1"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031649479","type":"print"},{"value":"9783031649486","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,10,13]],"date-time":"2024-10-13T00:00:00Z","timestamp":1728777600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,13]],"date-time":"2024-10-13T00:00:00Z","timestamp":1728777600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-64948-6_4","type":"book-chapter","created":{"date-parts":[[2024,10,12]],"date-time":"2024-10-12T09:02:09Z","timestamp":1728723729000},"page":"63-87","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["DNN Architecture Attacks via\u00a0Network and\u00a0Power Side Channels"],"prefix":"10.1007","author":[{"given":"Yuanjun","family":"Dai","sequence":"first","affiliation":[]},{"given":"Qingzhe","family":"Guo","sequence":"additional","affiliation":[]},{"given":"An","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,13]]},"reference":[{"key":"4_CR1","unstructured":"Choquette-Choo, C.A., Tramer, F., Carlini, N., Papernot, N.: Label-only membership inference attacks. In: International Conference on Machine Learning, pp. 1964\u20131974. PMLR (2021)"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Jia, J., Salem, A., Backes, M., Zhang, Y., Gong, N.Z.: MemGuard: defending against black-box membership inference attacks via adversarial examples. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 259\u2013274 (2019)","DOI":"10.1145\/3319535.3363201"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Juuti, M., Szyller, S., Marchal, S., Asokan, N.: PRADA: protecting against DNN model stealing attacks. In: 2019 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 512\u2013527. IEEE (2019)","DOI":"10.1109\/EuroSP.2019.00044"},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Kesarwani, M., Mukhoty, B., Arya, V., Mehta, S.: Model extraction warning in MLaaS paradigm. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 371\u2013380 (2018)","DOI":"10.1145\/3274694.3274740"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Li, Y., Liu, I.-J., Yuan, Y., Chen, D., Schwing, A., Huang, J.: Accelerating distributed reinforcement learning with in-switch computing. In: 2019 ACM\/IEEE 46th Annual International Symposium on Computer Architecture (ISCA), pp. 279\u2013291. IEEE (2019)","DOI":"10.1145\/3307650.3322259"},{"key":"4_CR6","unstructured":"Mai, L., Li, G., Wagenl\u00e4nder, M., Fertakis, K., Brabete, A.-O., Pietzuch, P.: KungFu: making training in distributed machine learning adaptive. In: 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2020), pp. 937\u2013954 (2020)"},{"key":"4_CR7","unstructured":"Ye, Q., Zhou, Y., Shi, M., Sun, Y., Lv, J.: DBS: dynamic batch size for distributed deep neural network training. arXiv preprint arXiv:2007.11831 (2020)"},{"issue":"11","key":"4_CR8","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y LeCun","year":"1998","unstructured":"LeCun, Y., Bottou, L., Bengio, Y., Haffner, P.: Gradient-based learning applied to document recognition. Proc. IEEE 86(11), 2278\u20132324 (1998)","journal-title":"Proc. IEEE"},{"key":"4_CR9","first-page":"1097","volume":"25","author":"A Krizhevsky","year":"2012","unstructured":"Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. Adv. Neural. Inf. Process. Syst. 25, 1097\u20131105 (2012)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"4_CR10","unstructured":"Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)"},{"key":"4_CR11","unstructured":"Iandola, F.N., Han, S., Moskewicz, M.W., Ashraf, K., Dally, W.J., Keutzer, K.: SqueezeNet: AlexNet-level accuracy with 50x fewer parameters and $$<$$ 0.5 mb model size. arXiv preprint arXiv:1602.07360 (2016)"},{"key":"4_CR12","unstructured":"Tan, M., Le, Q.: EfficientNet: rethinking model scaling for convolutional neural networks. In: International Conference on Machine Learning, pp. 6105\u20136114. PMLR (2019)"},{"key":"4_CR13","unstructured":"Mehta, A., Alzayat, M., Viti, R.D., Brandenburg, B.B., Druschel, P., Garg, D.: Pacer: comprehensive network side-channel mitigation in the cloud. In: 31st USENIX Security Symposium (USENIX Security 22) (2022)"},{"key":"4_CR14","unstructured":"Moghimi, D., Lipp, M., Sunar, B., Schwarz, M.: Medusa: microarchitectural data leakage via automated attack synthesis. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 1427\u20131444 (2020)"},{"key":"4_CR15","unstructured":"Shusterman, A., Agarwal, A., O\u2019Connell, S., Genkin, D., Oren, Y., Yarom, Y.: Prime+ probe 1, Javascript 0: overcoming browser-based side-channel defenses. In: 30th USENIX Security Symposium (USENIX Security 2021) (2021)"},{"key":"4_CR16","unstructured":"Yan, M., Fletcher, C.W., Torrellas, J.: Cache telepathy: leveraging shared resource attacks to learn DNN architectures. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 2003\u20132020 (2020)"},{"key":"4_CR17","unstructured":"Yao, F., Rakin, A.S., Fan, D.: DeepHammer: depleting the intelligence of deep neural networks through targeted chain of bit flips. In: 29th USENIX Security Symposium (USENIX Security 2020) (2020)"},{"key":"4_CR18","unstructured":"Caltech101 (2021). http:\/\/www.vision.caltech.edu\/Image_Datasets\/Caltech101"},{"key":"4_CR19","unstructured":"CIFAR-10 and CIFAR-100 datasets (2017). https:\/\/www.cs.toronto.edu\/~kriz\/cifar.html"},{"issue":"2","key":"4_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3312570","volume":"16","author":"Y Xu","year":"2019","unstructured":"Xu, Y., Dong, D., Xu, W., Liao, X.: SketchDLC: a sketch on distributed deep learning communication via trace capturing. ACM Trans. Archit. Code Optim. (TACO) 16(2), 1\u201326 (2019)","journal-title":"ACM Trans. Archit. Code Optim. (TACO)"},{"key":"4_CR21","unstructured":"Memory Consumption (2021). https:\/\/mxnet.apache.org\/versions\/1.8.0\/api\/architecture\/note_memory"},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"Chandola, V., Vatsavai, R.R.: A gaussian process based online change detection algorithm for monitoring periodic time series. In: Proceedings of the 2011 SIAM International Conference on Data Mining, pp. 95\u2013106. SIAM (2011)","DOI":"10.1137\/1.9781611972818.9"},{"issue":"2","key":"4_CR23","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1002\/sam.10124","volume":"5","author":"Y Kawahara","year":"2012","unstructured":"Kawahara, Y., Sugiyama, M.: Sequential change-point detection based on direct density-ratio estimation. Stat. Anal. Data Min.: ASA Data Sci. J. 5(2), 114\u2013127 (2012)","journal-title":"Stat. Anal. Data Min.: ASA Data Sci. J."},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Ristanoski, G., Liu, W., Bailey, J.: A time-dependent enhanced support vector machine for time series regression. In: Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 946\u2013954 (2013)","DOI":"10.1145\/2487575.2487655"},{"key":"4_CR25","unstructured":"Kanasewich, E.R.: Time sequence analysis in geophysics. University of Alberta (1981)"},{"key":"4_CR26","unstructured":"ZeroMQ (2021). https:\/\/zeromq.org"},{"key":"4_CR27","unstructured":"Wang, S., Zhou, T., Bilmes, J.: Bias also matters: bias attribution for deep neural network explanation. In: International Conference on Machine Learning, pp. 6659\u20136667. PMLR (2019)"},{"key":"4_CR28","unstructured":"RedisLabs. memtier_benchmark (2021). https:\/\/github.com\/RedisLabs\/memtier_benchmark"},{"key":"4_CR29","unstructured":"Batina, L., Bhasin, S., Jap, D., Picek, S.: CSI NN: reverse engineering of neural network architectures through electromagnetic side channel. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 515\u2013532 (2019)"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Gu, J., Wang, J., Yu, Z., Shen, K.: Walls have ears: traffic-based side-channel attack in video streaming. In: IEEE INFOCOM 2018-IEEE Conference on Computer Communications, pp. 1538\u20131546. IEEE (2018)","DOI":"10.1109\/INFOCOM.2018.8486211"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Xu, S., Sen, S., Mao, Z.M.: CSI: inferring mobile abr video adaptation behavior under https and QUIC. In: Proceedings of the Fifteenth European Conference on Computer Systems, pp. 1\u201316 (2020)","DOI":"10.1145\/3342195.3387558"},{"key":"4_CR32","unstructured":"Apthorpe, N., Reisman, D., Sundaresan, S., Narayanan, A., Feamster, N.: Spying on the smart home: privacy attacks and defenses on encrypted IoT traffic. arXiv preprint arXiv:1708.05044 (2017)"},{"key":"4_CR33","doi-asserted-by":"crossref","unstructured":"Wei, J., Zhang, Y., Zhou, Z., Li, Z., Al\u00a0Faruque, M.A.: Leaky DNN: stealing deep-learning model secret with GPU context-switching side-channel. In: 2020 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 125\u2013137. IEEE (2020)","DOI":"10.1109\/DSN48063.2020.00031"},{"key":"4_CR34","doi-asserted-by":"crossref","unstructured":"Wei, L., Luo, B., Li, Y., Liu, Y., Xu, Q.: I know what you see: power side-channel attack on convolutional neural network accelerators. in: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 393\u2013406 (2018)","DOI":"10.1145\/3274694.3274696"},{"key":"4_CR35","unstructured":"Hu, X., et al.: Neural network model extraction attacks in edge devices by hearing architectural hints. arXiv preprint arXiv:1903.03916 (2019)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-64948-6_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,12]],"date-time":"2024-10-12T09:03:31Z","timestamp":1728723811000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-64948-6_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,13]]},"ISBN":["9783031649479","9783031649486"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-64948-6_4","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"value":"1867-8211","type":"print"},{"value":"1867-822X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,10,13]]},"assertion":[{"value":"13 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Hong Kong","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 October 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 October 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/securecomm.eai-conferences.org\/2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Confy +","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"180","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"50","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}