[ICLR'20] How to 0wn NAS in Your Spare Time
This repository contains the code for the paper "How to 0wn NAS in Your Spare Time".
Published at the International Conference on Learning Representations (ICLR) 2020, Addis Ababa, Ethiopia.
Authors: Sanghyun Hong, Michael Davinroy, Yigitcan Kaya, Dana Dachman-Soled, and Tudor Dumitras
Contact: Sanghyun Hong
About
Our study presents an algorithm that reconstructs the key components of a novel deep learning system (i.e., a novel data pre-processing pipeline and a neural network architecture) by exploiting information leakage from a cache side-channel attack, Flush+Reload. Based on the trace of computations and the timing of each computation observed by Flush+Reload, we generate candidate computational graphs from the trace and eliminate incompatible candidates through a parameter estimation process. We demonstrate experimentally that we can reconstruct MalConv, a novel data pre-processing pipeline for malware detection, and ProxylessNAS-CPU, a novel network architecture for ImageNet classification optimized to run on CPUs, without knowing the architecture family. This repository contains the traces that we observed with the side-channel attack and the scripts for reconstructing the victim architectures.
Note: this repository currently includes the code for the ToyNet and MalConv reconstructions.
Install Dependencies
You can install the required Python packages by running the following command:
$ pip install -r requirements.txt
Run (MalConv)
To run the script for reconstructing the MalConv architecture:
$ ./reconstruct_malconv.sh
The reconstruction results are stored under the results/reconstruct/<victim> folder.
computational_graphs: contains the computational graphs reconstructed from a trace.
architecture_candidates: contains the candidate architecture reconstructed by pruning.
architectures: contains the final architecture after removing unrealistic candidates.
This PDF shows the final architecture from this reconstruction.
Traces from Flush+Reload
You can see the traces observed from the cache side-channel attack (Flush+Reload) in the traces/<victim> folder. We use the Mastik toolkit to extract those traces. If you're interested in this process, you can refer to this repository for our previous project.
raw: contains the raw traces observed by the side-channel attacker.
processed: contains the traces processed offline, used as an input to the reconstruction algorithm.
Cite This Work
You are encouraged to cite our paper if you use this code for academic research.
@inproceedings{Hong200wn,
author = {Sanghyun Hong and
Michael Davinroy and
Yigitcan Kaya and
Dana Dachman{-}Soled and
Tudor Dumitras},
title = {How to 0wn NAS in Your Spare Time},
booktitle = {International Conference on Learning Representations},
year = {2020},
url = {https://arxiv.org/pdf/2002.06776.pdf},
}
License
This project is licensed under the MIT License; see the LICENSE file for details.
Fin.