{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T18:09:55Z","timestamp":1770746995664,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,1,18]],"date-time":"2021-01-18T00:00:00Z","timestamp":1610928000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"DARPA","award":["AISS IV&V"],"award-info":[{"award-number":["AISS IV&V"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,1,18]]},"DOI":"10.1145\/3394885.3431639","type":"proceedings-article","created":{"date-parts":[[2021,1,29]],"date-time":"2021-01-29T11:32:48Z","timestamp":1611919968000},"page":"449-454","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":26,"title":["Security of Neural Networks from Hardware Perspective"],"prefix":"10.1145","author":[{"given":"Qian","family":"Xu","sequence":"first","affiliation":[{"name":"University of Maryland, College Park, Maryland"}]},{"given":"Md Tanvir","family":"Arafin","sequence":"additional","affiliation":[{"name":"Morgan State University, Baltimore, Maryland"}]},{"given":"Gang","family":"Qu","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, Maryland"}]}],"member":"320","published-online":{"date-parts":[[2021,1,29]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). 48--55","author":"Alam M. M.","unstructured":"M. M. Alam , S. Tajik , F. Ganji , M. Tehranipoor , and D. Forte . 2019. RAM-Jam: Remote Temperature and Voltage Fault Attack on FPGAs using Memory Collisions . In 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). 48--55 . M. M. Alam, S. Tajik, F. Ganji, M. Tehranipoor, and D. Forte. 2019. RAM-Jam: Remote Temperature and Voltage Fault Attack on FPGAs using Memory Collisions. In 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). 48--55."},{"key":"e_1_3_2_1_2_1","volume-title":"CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel. In 28th USENIX Security Symposium (USENIX Security 19)","author":"Batina Lejla","year":"2019","unstructured":"Lejla Batina , Shivam Bhasin , Dirmanto Jap , and Stjepan Picek . 2019 . CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel. In 28th USENIX Security Symposium (USENIX Security 19) . USENIX Association, Santa Clara, CA, 515--532. Lejla Batina, Shivam Bhasin, Dirmanto Jap, and Stjepan Picek. 2019. CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 515--532."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"J. Breier X. Hou D. Jap L. Ma S. Bhasin and Y. Liu. 2018. DeepLaser: Practical Fault Attack on Deep Neural Networks. arXiv: Cryptography and Security (2018).  J. Breier X. Hou D. Jap L. Ma S. Bhasin and Y. Liu. 2018. DeepLaser: Practical Fault Attack on Deep Neural Networks. arXiv: Cryptography and Security (2018).","DOI":"10.1145\/3243734.3278519"},{"key":"e_1_3_2_1_4_1","volume-title":"Hardware-Assisted Intellectual Property Protection of Deep Learning Models. In 2020 57th ACM\/IEEE Design Automation Conference (DAC). 1--6.","author":"Chakraborty A.","unstructured":"A. Chakraborty , A. Mondai , and A. Srivastava . 2020 . Hardware-Assisted Intellectual Property Protection of Deep Learning Models. In 2020 57th ACM\/IEEE Design Automation Conference (DAC). 1--6. A. Chakraborty, A. Mondai, and A. Srivastava. 2020. Hardware-Assisted Intellectual Property Protection of Deep Learning Models. In 2020 57th ACM\/IEEE Design Automation Conference (DAC). 1--6."},{"key":"e_1_3_2_1_5_1","volume-title":"Hardware trojan attacks on neural networks. arXiv preprint arXiv:1806.05768","author":"Clements Joseph","year":"2018","unstructured":"Joseph Clements and Yingjie Lao . 2018. Hardware trojan attacks on neural networks. arXiv preprint arXiv:1806.05768 ( 2018 ). Joseph Clements and Yingjie Lao. 2018. Hardware trojan attacks on neural networks. arXiv preprint arXiv:1806.05768 (2018)."},{"key":"e_1_3_2_1_6_1","volume-title":"Hardware Trojan Design on Neural Networks. In 2019 IEEE International Symposium on Circuits and Systems (ISCAS). 1--5.","author":"Clements J.","unstructured":"J. Clements and Y. Lao . 2019 . Hardware Trojan Design on Neural Networks. In 2019 IEEE International Symposium on Circuits and Systems (ISCAS). 1--5. J. Clements and Y. Lao. 2019. Hardware Trojan Design on Neural Networks. In 2019 IEEE International Symposium on Circuits and Systems (ISCAS). 1--5."},{"key":"e_1_3_2_1_7_1","volume-title":"Floating-Point Multiplication Timing Attack on Deep Neural Network. In 2019 IEEE International Conference on Smart Internet of Things (SmartIoT). 155--161","author":"Dong G.","unstructured":"G. Dong , P. Wang , P. Chen , R. Gu , and H. Hu . 2019 . Floating-Point Multiplication Timing Attack on Deep Neural Network. In 2019 IEEE International Conference on Smart Internet of Things (SmartIoT). 155--161 . G. Dong, P. Wang, P. Chen, R. Gu, and H. Hu. 2019. Floating-Point Multiplication Timing Attack on Deep Neural Network. In 2019 IEEE International Conference on Smart Internet of Things (SmartIoT). 155--161."},{"key":"e_1_3_2_1_8_1","volume-title":"MaskedNet: The First Hardware Inference Engine Aiming Power Side-Channel Protection. arXiv: Cryptography and Security","author":"Dubey Anuj","year":"2019","unstructured":"Anuj Dubey , Rosario Cammarota , and Aydin Aysu . 2019. MaskedNet: The First Hardware Inference Engine Aiming Power Side-Channel Protection. arXiv: Cryptography and Security ( 2019 ). Anuj Dubey, Rosario Cammarota, and Aydin Aysu. 2019. MaskedNet: The First Hardware Inference Engine Aiming Power Side-Channel Protection. arXiv: Cryptography and Security (2019)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3400302.3415649"},{"key":"e_1_3_2_1_10_1","volume-title":"Stealing neural networks via timing side channels. arXiv preprint arXiv:1812.11720","author":"Duddu Vasisht","year":"2018","unstructured":"Vasisht Duddu , Debasis Samanta , D Vijay Rao , and Valentina E Balas . 2018. Stealing neural networks via timing side channels. arXiv preprint arXiv:1812.11720 ( 2018 ). Vasisht Duddu, Debasis Samanta, D Vijay Rao, and Valentina E Balas. 2018. Stealing neural networks via timing side channels. arXiv preprint arXiv:1812.11720 (2018)."},{"key":"e_1_3_2_1_11_1","volume-title":"Privado: Practical and Secure DNN Inference with Enclaves. arXiv:1810.00602 [cs.CR]","author":"Grover Karan","year":"2019","unstructured":"Karan Grover , Shruti Tople , Shweta Shinde , Ranjita Bhagwan , and Ramachandran Ramjee . 2019 . Privado: Practical and Secure DNN Inference with Enclaves. arXiv:1810.00602 [cs.CR] Karan Grover, Shruti Tople, Shweta Shinde, Ranjita Bhagwan, and Ramachandran Ramjee. 2019. Privado: Practical and Secure DNN Inference with Enclaves. arXiv:1810.00602 [cs.CR]"},{"key":"e_1_3_2_1_12_1","first-page":"1","article-title":"Towards Security Threats of Deep Learning Systems: A Survey","volume":"01","author":"He Yingzhe","year":"2020","unstructured":"Yingzhe He , Guozhu Meng , Kai Chen , Xingbo Hu , and Jinwen He . 2020 . Towards Security Threats of Deep Learning Systems: A Survey . IEEE Annals of the History of Computing 01 (2020), 1 -- 1 . Yingzhe He, Guozhu Meng, Kai Chen, Xingbo Hu, and Jinwen He. 2020. Towards Security Threats of Deep Learning Systems: A Survey. IEEE Annals of the History of Computing 01 (2020), 1--1.","journal-title":"IEEE Annals of the History of Computing"},{"key":"e_1_3_2_1_13_1","volume-title":"Ian Rackow, Kevin Kulda, Dana Dachman-Soled, and Tudor Dumitra\u015f.","author":"Hong Sanghyun","year":"2018","unstructured":"Sanghyun Hong , Michael Davinroy , Yi\u011fitcan Kaya , Stuart Nevans Locke , Ian Rackow, Kevin Kulda, Dana Dachman-Soled, and Tudor Dumitra\u015f. 2018 . Security analysis of deep neural networks operating in the presence of cache side-channel attacks. arXiv preprint arXiv:1810.03487 (2018). Sanghyun Hong, Michael Davinroy, Yi\u011fitcan Kaya, Stuart Nevans Locke, Ian Rackow, Kevin Kulda, Dana Dachman-Soled, and Tudor Dumitra\u015f. 2018. Security analysis of deep neural networks operating in the presence of cache side-channel attacks. arXiv preprint arXiv:1810.03487 (2018)."},{"key":"e_1_3_2_1_14_1","volume-title":"Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks. In 28th USENIX Security Symposium (USENIX Security 19)","author":"Hong Sanghyun","year":"2019","unstructured":"Sanghyun Hong , Pietro Frigo , Yigitcan Kaya , Cristiano Giuffrida , and Tudor Dumitras . 2019 . Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks. In 28th USENIX Security Symposium (USENIX Security 19) . USENIX Association, Santa Clara, CA, 497--514. Sanghyun Hong, Pietro Frigo, Yigitcan Kaya, Cristiano Giuffrida, and Tudor Dumitras. 2019. Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 497--514."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378460"},{"key":"e_1_3_2_1_16_1","unstructured":"X. Hu Y. Zhao L. Deng L. Liang P. Zuo J. Ye Y. Lin and Y. Xie. 2020. Practical Attacks on Deep Neural Networks by Memory Trojaning. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (2020) 1--1.  X. Hu Y. Zhao L. Deng L. Liang P. Zuo J. Ye Y. Lin and Y. Xie. 2020. Practical Attacks on Deep Neural Networks by Memory Trojaning. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (2020) 1--1."},{"key":"e_1_3_2_1_17_1","unstructured":"Weizhe Hua Muhammad Umar Zhiru Zhang and G. Edward Suh. 2020. GuardNN: Secure DNN Accelerator for Privacy-Preserving Deep Learning. arXiv:2008.11632 [cs.CR]  Weizhe Hua Muhammad Umar Zhiru Zhang and G. Edward Suh. 2020. GuardNN: Secure DNN Accelerator for Privacy-Preserving Deep Learning. arXiv:2008.11632 [cs.CR]"},{"key":"e_1_3_2_1_18_1","volume-title":"Reverse Engineering Convolutional Neural Networks Through Side-channel Information Leaks. In 2018 55th ACM\/ESDA\/IEEE Design Automation Conference (DAC). 1--6.","author":"Hua W.","unstructured":"W. Hua , Z. Zhang , and G. E. Suh . 2018 . Reverse Engineering Convolutional Neural Networks Through Side-channel Information Leaks. In 2018 55th ACM\/ESDA\/IEEE Design Automation Conference (DAC). 1--6. W. Hua, Z. Zhang, and G. E. Suh. 2018. Reverse Engineering Convolutional Neural Networks Through Side-channel Information Leaks. In 2018 55th ACM\/ESDA\/IEEE Design Automation Conference (DAC). 1--6."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3400302.3415671"},{"key":"e_1_3_2_1_20_1","volume-title":"Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin , Ian Goodfellow , and Samy Bengio . 2016. Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236 ( 2016 ). Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236 (2016)."},{"key":"e_1_3_2_1_21_1","volume-title":"Deep learning. nature 521, 7553","author":"LeCun Yann","year":"2015","unstructured":"Yann LeCun , Yoshua Bengio , and Geoffrey Hinton . 2015. Deep learning. nature 521, 7553 ( 2015 ), 436--444. Yann LeCun, Yoshua Bengio, and Geoffrey Hinton. 2015. Deep learning. nature 521, 7553 (2015), 436--444."},{"key":"e_1_3_2_1_22_1","volume-title":"OpenAI's GPT-3 Language Model: A Technical Overview","author":"Chuan Li.","year":"2020","unstructured":"Chuan Li. [n.d.]. OpenAI's GPT-3 Language Model: A Technical Overview , 2020 . Available at https:\/\/lambdalabs.com\/blog\/demystifying-gpt-3\/. Chuan Li. [n.d.]. OpenAI's GPT-3 Language Model: A Technical Overview, 2020. Available at https:\/\/lambdalabs.com\/blog\/demystifying-gpt-3\/."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis","author":"Li Guanpeng","unstructured":"Guanpeng Li , Siva Kumar Sastry Hari , Michael Sullivan , Timothy Tsai , Karthik Pattabiraman , Joel Emer , and Stephen W. Keckler . 2017. Understanding Error Propagation in Deep Learning Neural Network (DNN) Accelerators and Applications . In Proceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis ( Denver, Colorado) (SC '17). Association for Computing Machinery, New York, NY, USA, Article 8, 12 pages. Guanpeng Li, Siva Kumar Sastry Hari, Michael Sullivan, Timothy Tsai, Karthik Pattabiraman, Joel Emer, and Stephen W. Keckler. 2017. Understanding Error Propagation in Deep Learning Neural Network (DNN) Accelerators and Applications. In Proceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis (Denver, Colorado) (SC '17). Association for Computing Machinery, New York, NY, USA, Article 8, 12 pages."},{"key":"e_1_3_2_1_24_1","volume-title":"Hu-Fu: Hardware and Software Collaborative Attack Framework Against Neural Networks. In 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). 482--487","author":"Li W.","unstructured":"W. Li , J. Yu , X. Ning , P. Wang , Q. Wei , Y. Wang , and H. Yang . 2018 . Hu-Fu: Hardware and Software Collaborative Attack Framework Against Neural Networks. In 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). 482--487 . W. Li, J. Yu, X. Ning, P. Wang, Q. Wei, Y. Wang, and H. Yang. 2018. Hu-Fu: Hardware and Software Collaborative Attack Framework Against Neural Networks. In 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). 482--487."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359831"},{"key":"e_1_3_2_1_26_1","volume-title":"2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 227--230","author":"Liu T.","unstructured":"T. Liu , W. Wen , and Y. Jin . 2018. SIN2: Stealth infection on neural network --- A low-cost agile neural Trojan attack methodology . In 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 227--230 . T. Liu, W. Wen, and Y. Jin. 2018. SIN2: Stealth infection on neural network --- A low-cost agile neural Trojan attack methodology. In 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 227--230."},{"key":"e_1_3_2_1_27_1","volume-title":"2020 57th ACM\/IEEE Design Automation Conference (DAC). 1--6.","author":"Liu W.","unstructured":"W. Liu , C. H. Chang , F. Zhang , and X. Lou . 2020. Imperceptible Misclassification Attack on Deep Learning Accelerator by Glitch Injection . In 2020 57th ACM\/IEEE Design Automation Conference (DAC). 1--6. W. Liu, C. H. Chang, F. Zhang, and X. Lou. 2020. Imperceptible Misclassification Attack on Deep Learning Accelerator by Glitch Injection. In 2020 57th ACM\/IEEE Design Automation Conference (DAC). 1--6."},{"key":"e_1_3_2_1_28_1","volume-title":"Mitigating Reverse Engineering Attacks on Deep Neural Networks. In 2019 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). 657--662","author":"Liu Y.","unstructured":"Y. Liu , D. Dachman-Soled , and A. Srivastava . 2019 . Mitigating Reverse Engineering Attacks on Deep Neural Networks. In 2019 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). 657--662 . Y. Liu, D. Dachman-Soled, and A. Srivastava. 2019. Mitigating Reverse Engineering Attacks on Deep Neural Networks. In 2019 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). 657--662."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363216"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411495.3421356"},{"key":"e_1_3_2_1_31_1","volume-title":"2017 IEEE\/ACM International Conference on Computer-Aided Design (ICCAD). 131--138","author":"Liu Y.","unstructured":"Y. Liu , L. Wei , B. Luo , and Q. Xu . 2017. Fault injection attack on deep neural network . In 2017 IEEE\/ACM International Conference on Computer-Aided Design (ICCAD). 131--138 . Y. Liu, L. Wei, B. Luo, and Q. Xu. 2017. Fault injection attack on deep neural network. In 2017 IEEE\/ACM International Conference on Computer-Aided Design (ICCAD). 131--138."},{"key":"e_1_3_2_1_32_1","volume-title":"Sequence Triggered Hardware Trojan in Neural Network Accelerator. In 2020 IEEE 38th VLSI Test Symposium (VTS). 1--6.","author":"Liu Z.","unstructured":"Z. Liu , J. Ye , X. Hu , H. Li , X. Li , and Y. Hu . 2020 . Sequence Triggered Hardware Trojan in Neural Network Accelerator. In 2020 IEEE 38th VLSI Test Symposium (VTS). 1--6. Z. Liu, J. Ye, X. Hu, H. Li, X. Li, and Y. Hu. 2020. Sequence Triggered Hardware Trojan in Neural Network Accelerator. In 2020 IEEE 38th VLSI Test Symposium (VTS). 1--6."},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","author":"Naghibijouybari H.","unstructured":"H. Naghibijouybari , A. Neupane , Z. Qian , and N. Abu-Ghazaleh . 2018. Rendered Insecure: GPU Side Channel Attacks Are Practical . In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security ( Toronto, Canada) (CCS '18). Association for Computing Machinery, New York, NY, USA, 2139--2153. H. Naghibijouybari, A. Neupane, Z. Qian, and N. Abu-Ghazaleh. 2018. Rendered Insecure: GPU Side Channel Attacks Are Practical. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (Toronto, Canada) (CCS '18). Association for Computing Machinery, New York, NY, USA, 2139--2153."},{"key":"e_1_3_2_1_34_1","volume-title":"Hawzhin Raoof Mohammed, and Syed Rafay Hasan","author":"Odetola Tolulope A","year":"2019","unstructured":"Tolulope A Odetola , Hawzhin Raoof Mohammed, and Syed Rafay Hasan . 2019 . A stealthy hardware trojan exploiting the architectural vulnerability of deep learning architectures: Input interception attack (IIA). arXiv preprint arXiv:1911.00783 (2019). Tolulope A Odetola, Hawzhin Raoof Mohammed, and Syed Rafay Hasan. 2019. A stealthy hardware trojan exploiting the architectural vulnerability of deep learning architectures: Input interception attack (IIA). arXiv preprint arXiv:1911.00783 (2019)."},{"key":"e_1_3_2_1_35_1","volume-title":"Robustness of neural networks against storage media errors. arXiv preprint arXiv:1709.06173","author":"Qin Minghai","year":"2017","unstructured":"Minghai Qin , Chao Sun , and Dejan Vucinic . 2017. Robustness of neural networks against storage media errors. arXiv preprint arXiv:1709.06173 ( 2017 ). Minghai Qin, Chao Sun, and Dejan Vucinic. 2017. Robustness of neural networks against storage media errors. arXiv preprint arXiv:1709.06173 (2017)."},{"key":"e_1_3_2_1_36_1","volume-title":"Bit-Flip Attack: Crushing Neural Network With Progressive Bit Search. In 2019 IEEE\/CVF International Conference on Computer Vision (ICCV). 1211--1220","author":"Rakin A. S.","unstructured":"A. S. Rakin , Z. He , and D. Fan . 2019 . Bit-Flip Attack: Crushing Neural Network With Progressive Bit Search. In 2019 IEEE\/CVF International Conference on Computer Vision (ICCV). 1211--1220 . A. S. Rakin, Z. He, and D. Fan. 2019. Bit-Flip Attack: Crushing Neural Network With Progressive Bit Search. In 2019 IEEE\/CVF International Conference on Computer Vision (ICCV). 1211--1220."},{"key":"e_1_3_2_1_37_1","volume-title":"2018 55th ACM\/ESDA\/IEEE Design Automation Conference (DAC). 1--6.","author":"Reagen B.","unstructured":"B. Reagen , U. Gupta , L. Pentecost , P. Whatmough , S. K. Lee , N. Mulholland , D. Brooks , and G. Wei . 2018. Ares: A framework for quantifying the resilience of deep neural networks . In 2018 55th ACM\/ESDA\/IEEE Design Automation Conference (DAC). 1--6. B. Reagen, U. Gupta, L. Pentecost, P. Whatmough, S. K. Lee, N. Mulholland, D. Brooks, and G. Wei. 2018. Ares: A framework for quantifying the resilience of deep neural networks. In 2018 55th ACM\/ESDA\/IEEE Design Automation Conference (DAC). 1--6."},{"key":"e_1_3_2_1_38_1","volume-title":"Real-Time Object Detection. In 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 779--788","author":"Redmon J.","year":"2016","unstructured":"J. Redmon , S. Divvala , R. Girshick , and A. Farhadi . 2016. You Only Look Once: Unified , Real-Time Object Detection. In 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 779--788 . https:\/\/doi.org\/10.1109\/CVPR. 2016 .91 10.1109\/CVPR.2016.91 J. Redmon, S. Divvala, R. Girshick, and A. Farhadi. 2016. You Only Look Once: Unified, Real-Time Object Detection. In 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 779--788. https:\/\/doi.org\/10.1109\/CVPR.2016.91"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"B. Salami E. B. Onural I. E. Yuksel F. Koc O. Ergin A. Cristal Kestelman O. Unsal H. Sarbazi-Azad and O. Mutlu. 2020. An Experimental Study of Reduced-Voltage Operation in Modern FPGAs for Neural Network Acceleration. In 2020 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 138--149.  B. Salami E. B. Onural I. E. Yuksel F. Koc O. Ergin A. Cristal Kestelman O. Unsal H. Sarbazi-Azad and O. Mutlu. 2020. An Experimental Study of Reduced-Voltage Operation in Modern FPGAs for Neural Network Acceleration. In 2020 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 138--149.","DOI":"10.1109\/DSN48063.2020.00032"},{"key":"e_1_3_2_1_40_1","volume-title":"Verifiable and Private Execution of Neural Networks in Trusted Hardware. In International Conference on Learning Representations.","author":"Tramer Florian","year":"2019","unstructured":"Florian Tramer and Dan Boneh . 2019 . Slalom: Fast , Verifiable and Private Execution of Neural Networks in Trusted Hardware. In International Conference on Learning Representations. Florian Tramer and Dan Boneh. 2019. Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware. In International Conference on Learning Representations."},{"key":"e_1_3_2_1_41_1","volume-title":"Graviton: Trusted Execution Environments on GPUs. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18)","author":"Volos Stavros","year":"2018","unstructured":"Stavros Volos , Kapil Vaswani , and Rodrigo Bruno . 2018 . Graviton: Trusted Execution Environments on GPUs. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18) . USENIX Association, Carlsbad, CA, 681--696. Stavros Volos, Kapil Vaswani, and Rodrigo Bruno. 2018. Graviton: Trusted Execution Environments on GPUs. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18). USENIX Association, Carlsbad, CA, 681--696."},{"key":"e_1_3_2_1_42_1","volume-title":"Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. In 2019 IEEE Symposium on Security and Privacy (SP). 707--723","author":"Wang B.","unstructured":"B. Wang , Y. Yao , S. Shan , H. Li , B. Viswanath , H. Zheng , and B. Y. Zhao . 2019 . Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. In 2019 IEEE Symposium on Security and Privacy (SP). 707--723 . B. Wang, Y. Yao, S. Shan, H. Li, B. Viswanath, H. Zheng, and B. Y. Zhao. 2019. Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. In 2019 IEEE Symposium on Security and Privacy (SP). 707--723."},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the 16th ACM International Conference on Computing Frontiers","author":"Wang X.","unstructured":"X. Wang , R. Hou , Y. Zhu , J. Zhang , and D. Meng . 2019. NPUFort: A Secure Architecture of DNN Accelerator against Model Inversion Attack . In Proceedings of the 16th ACM International Conference on Computing Frontiers ( Alghero, Italy) (CF '19). Association for Computing Machinery, New York, NY, USA, 190--196. X. Wang, R. Hou, Y. Zhu, J. Zhang, and D. Meng. 2019. NPUFort: A Secure Architecture of DNN Accelerator against Model Inversion Attack. In Proceedings of the 16th ACM International Conference on Computing Frontiers (Alghero, Italy) (CF '19). Association for Computing Machinery, New York, NY, USA, 190--196."},{"key":"e_1_3_2_1_44_1","volume-title":"Leaky DNN: Stealing Deep-Learning Model Secret with GPU Context-Switching Side-Channel. In 2020 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 125--137","author":"Wei J.","unstructured":"J. Wei , Y. Zhang , Z. Zhou , Z. Li , and M. A. Al Faruque . 2020 . Leaky DNN: Stealing Deep-Learning Model Secret with GPU Context-Switching Side-Channel. In 2020 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 125--137 . J. Wei, Y. Zhang, Z. Zhou, Z. Li, and M. A. Al Faruque. 2020. Leaky DNN: Stealing Deep-Learning Model Secret with GPU Context-Switching Side-Channel. In 2020 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 125--137."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274696"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCSII.2020.2973007"},{"key":"e_1_3_2_1_47_1","volume-title":"2020 IEEE Asian Hardware Oriented Security and Trust Symposium (AsianHOST).","author":"Xu Q.","unstructured":"Q. Xu , M.T. Arafin , and G. Qu . 2020. MIDAS: Model Inversion Defenses Using an Approximate Memory System . In 2020 IEEE Asian Hardware Oriented Security and Trust Symposium (AsianHOST). Q. Xu, M.T. Arafin, and G. Qu. 2020. MIDAS: Model Inversion Defenses Using an Approximate Memory System. In 2020 IEEE Asian Hardware Oriented Security and Trust Symposium (AsianHOST)."},{"key":"e_1_3_2_1_48_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Yan Mengjia","year":"2020","unstructured":"Mengjia Yan , Christopher W. Fletcher , and Josep Torrellas . 2020 . Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures . In 29th USENIX Security Symposium (USENIX Security 20) . USENIX Association , 2003--2020. Mengjia Yan, Christopher W. Fletcher, and Josep Torrellas. 2020. Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 2003--2020."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3079856.3080222"},{"key":"e_1_3_2_1_50_1","volume-title":"Hardware Trojan in FPGA CNN Accelerator. In 2018 IEEE 27th Asian Test Symposium (ATS). 68--73","author":"Ye J.","unstructured":"J. Ye , Y. Hu , and X. Li . 2018 . Hardware Trojan in FPGA CNN Accelerator. In 2018 IEEE 27th Asian Test Symposium (ATS). 68--73 . J. Ye, Y. Hu, and X. Li. 2018. Hardware Trojan in FPGA CNN Accelerator. In 2018 IEEE 27th Asian Test Symposium (ATS). 68--73."},{"key":"e_1_3_2_1_51_1","volume-title":"2020 IEEE International Symposium on Circuits and Systems (ISCAS). 1--5.","author":"Yoshida K.","unstructured":"K. Yoshida , T. Kubota , S. Okura , M. Shiozaki , and T. Fujino . 2020. Model Reverse-Engineering Attack using Correlation Power Analysis against Systolic Array Based Neural Network Accelerator . In 2020 IEEE International Symposium on Circuits and Systems (ISCAS). 1--5. K. Yoshida, T. Kubota, S. Okura, M. Shiozaki, and T. Fujino. 2020. Model Reverse-Engineering Attack using Correlation Power Analysis against Systolic Array Based Neural Network Accelerator. In 2020 IEEE International Symposium on Circuits and Systems (ISCAS). 1--5."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3316781.3317825"},{"key":"e_1_3_2_1_53_1","volume-title":"Automation Test in Europe Conference Exhibition (DATE). 1415--1420","author":"Zhao Y.","unstructured":"Y. Zhao , X. Hu , S. Li , J. Ye , L. Deng , Y. Ji , J. Xu , D. Wu , and Y. Xie . 2019. Memory Trojan Attack on Neural Network Accelerators. In 2019 Design , Automation Test in Europe Conference Exhibition (DATE). 1415--1420 . Y. Zhao, X. Hu, S. Li, J. Ye, L. Deng, Y. Ji, J. Xu, D. Wu, and Y. Xie. 2019. Memory Trojan Attack on Neural Network Accelerators. In 2019 Design, Automation Test in Europe Conference Exhibition (DATE). 1415--1420."},{"key":"e_1_3_2_1_54_1","unstructured":"Minhui Zou Yang Shi Chengliang Wang Fangyu Li WenZhan Song and Yu Wang. 2019. PoTrojan: powerful neural-level trojan designs in deep learning models. arXiv:1802.03043 [cs.CR]  Minhui Zou Yang Shi Chengliang Wang Fangyu Li WenZhan Song and Yu Wang. 2019. PoTrojan: powerful neural-level trojan designs in deep learning models. arXiv:1802.03043 [cs.CR]"}],"event":{"name":"ASPDAC '21: 26th Asia and South Pacific Design Automation Conference","location":"Tokyo Japan","acronym":"ASPDAC '21","sponsor":["SIGDA ACM Special Interest Group on Design Automation","IEEE CAS","IEEE CEDA"]},"container-title":["Proceedings of the 26th Asia and South Pacific Design Automation Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3394885.3431639","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3394885.3431639","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3394885.3431639","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:00Z","timestamp":1750193280000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3394885.3431639"}},"subtitle":["A Survey and Beyond"],"short-title":[],"issued":{"date-parts":[[2021,1,18]]},"references-count":54,"alternative-id":["10.1145\/3394885.3431639","10.1145\/3394885"],"URL":"https:\/\/doi.org\/10.1145\/3394885.3431639","relation":{},"subject":[],"published":{"date-parts":[[2021,1,18]]},"assertion":[{"value":"2021-01-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}