Home

Awesome

[ICLR'20] How to 0wn NAS in Your Spare Time

This repository contains the code for the paper "How to 0wn NAS in Your Spare Time" <br> Published at the International Conference on Learning Representation (ICLR) 2020, Addis Ababa, Ethoipia.

Authors: Sanghyun Hong, Michael Davinroy, Yigitcan Kaya, Dana Dachman-Soled, and Tudor Dumitras <br> Contact: Sanghyun Hong

About

Our study presents an algorithm that reconstructs the key components of a novel deep learning systems—i.e., a novel data pre-preprocessing pipeline and a neural network architecture---by exploiting information leakage from a cache side-channel attack, Flush+Reload. Based on the trace of computations and the timing for each computation observed by Flush+Reload, we generate candidate computational graphs from the trace and eliminate incompatible candidates through a parameter estimation process. We demonstrate experimentally that we can reconstruct MalConv, a novel data pre-processing pipeline for malware detection, and ProxylessNAS-CPU, a novel network architecture for the ImageNet classification optimized to run on CPUs, without knowing the architecture family. This repository contains the traces that we observed by the side-channel attack and the scripts for reconstructing victim architectures.

Note: this repository currently includes the code for the ToyNet and MalConv reconstructions.

Install Dependencies

You can install the required Python packages by running the following command:

  $ pip install -r requirements.txt

Run (MalConv)

To run the script for reconstructing the MalConv architecture:

  $ ./reconstruct_malconv.sh

The reconstruction results are stored under the results/reconstruct/<victim> folder.

This PDF shows the final architecture from this reconstruction.

Traces from Flush+Reload

You can see the traces observed from the cache side-channel attack (Flush+Reload) in the traces/<victim> folder. We use the Mastik toolkit to extract those traces. If you're interested in this process, you can refer to this repository for our previous project.

Cite This Work

You are encouraged to cite our paper if you use this code for academic research.

@inproceedings{Hong200wn,
  author    = {Sanghyun Hong and
               Michael Davinroy and
               Yigitcan Kaya and
               Dana Dachman{-}Soled and
               Tudor Dumitras},
  title     = {How to 0wn NAS in Your Spare Time},
  booktitle = {International Conference on Learning Representations},
  year      = {2020},
  url       = {https://arxiv.org/pdf/2002.06776.pdf},
}

License

This project is licensed under the MIT License - see the LICENSE file for details

Fin.