Skip to content

casrl/DeepSteal-exploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits

rh_leakage_tool

rh_leakage_tool

 
 

system_exploit

system_exploit

 
 

utils

utils

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

dram-addressing-db.md

dram-addressing-db.md

 
 

Repository files navigation

DeepSteal: rowhammer-based side channel for ML model weight stealing

GitHub contributors Linux Maintenance Language GitHub license

DOI:10.1109/SP46214.2022.00122 Paper

DeepSteal demonstrates a digital side channel that can steal fine-grained machine learning model weight information, which enables subsequent advanced DNN model extractions. At its core, DeepSteal leverages the memory rowhammer vulnerability as an information leakage attack vector that effectively exfiltrates fined-grained (but partial) model weight bits in bulk. DeepSteal then utilizes such partially-revealed model parameters to build extremely powerful model extraction attacks for deep neural networks (DNNs), including the construction of substitute models with superior accuracy and fidelity as well as enhanced adversarial input attacks with close to white-box attack performance. In contrast to previous physical/microarchitecture attacks that leak DNN model hyperparameters or model architectures, DeepSteal unveils a more severe ML privacy concern of ML weight due to HW threats.

This repository contains code for the DeepSteal system-level exploits. Specifically, it includes tools to profile DRAMs to identify memory cells (bits) in DRAM DIMMS that are highly reliable and leakable (using rowhammer as a side channel). The repo also contains a proof-of-concept code example that can be used to leak ML model weight bits (HammerLeak) as proposed in the paper.

Environment

  • Operating System: Ubuntu 20.04.4 LTS
  • Kernel: 5.13.0-40-generic
  • GCC: Ubuntu 9.4.0-1ubuntu1~20.04.1
  • Python: 3.9.7 (Anaconda distribution)
  • Pytorch: Source compiled (Tag: v1.7.1-rc3, FBGEMM commit: 1d71039)

Repository overview

  • rh_leakage_tool
    • contains a tool that profiles DRAM to identify leakable DRAM cells for rowhammer side channel exploit.
  • system_exploit
  • dram-addressing-db.md: a list of DRAM addressing functions we reverse-engineered for Intel processors.
  • utils

More information about DeepSteal can be found in our paper in IEEE Symposium on Security and Privacy, 2022. Our work can be cited using the following information.

Citing our paper

@inproceedings{deepsteal,
  title={Deepsteal: Advanced model extractions leveraging efficient weight stealing in memories},
  author={Rakin, Adnan Siraj* and Chowdhuryy, Md Hafizul Islam* and Yao, Fan and Fan, Deliang},
  booktitle={IEEE Symposium on Security and Privacy (S&P)},
  year={2022},
  organization={IEEE}
}

About

Proof of concept code for DeepSteal Machine Learning model extraction (weight stealing) with memory side channel

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

8 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages