How Secure Are Deep Learning Algorithms From Side-Channel Based Reverse Engineering?

Deep Learning has become a de-facto paradigm for various prediction problems including many privacy-preserving applications, where the privacy of data is a serious concern. There have been efforts to analyze and exploit information leakages from DNN to compromise data privacy. In this paper, we provide an evaluation strategy for such information leakages through DNN by considering a case study on CNN classifier. The approach utilizes low-level hardware information provided by Hardware Performance Counters and hypothesis testing during the execution of a CNN to produce alarms if there exists any information leakage on actual input.