CRII: SaTC: Timing Channels in Adaptive Neural Networks

Project: Research project

Project Details

Description

Machine learning services are quickly rising in popularity, allowing companies and individuals to reap the benefits of efficient and accurate deep learning models. As a result, these systems are handling an increasing amount of data, including potentially sensitive user data. Concurrently, architectures such as adaptive neural networks show promise in addressing the high memory and workload requirements of deep neural networks. However, these adaptive neural networks are susceptible to a class of vulnerabilities called timing side channels through which timing observations are leveraged to learn sensitive information about private user input. The project's novelties are providing the first investigation into the potential of adaptive neural networks to leak private user information through timing channels and developing strategies to effectively mitigate this leakage while still reaping the benefits of more efficient adaptive neural networks. The project's broader significance and importance are enabling the development of adaptive neural networks able to balance privacy requirements with performance demands, allowing them to be confidently deployed on devices such as mobile phones or small smart devices. This project provides the first holistic and systematic approach to understanding timing side channels in adaptive neural networks. The contributions of the project include: (1) defining a threat model under which timing side channels can be exploited by an attacker to gain sensitive information, (2) a machine-learning-based pipeline to effectively utilize the timing channels under this attack model, (3) an automated fuzzing-based approach to guide development of models towards those without potential timing channels, and (4) an online monitoring framework to dynamically check the balance of privacy, accuracy, and performance in deployed systems. 
The approaches in this project are generalizable across a variety of types of user data and adaptive neural network architectures, and the work will lead to advancements in automated testing of machine learning frameworks for violations of user privacy. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
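The leak the abstract describes, as an added illustration (this is not the project's own code or models): an early-exit network stops computing once an intermediate stage is confident, so the amount of work it does depends on the input. The script below assumes a constructed three-stage toy network on a scalar feature, uses the number of stages executed as a deterministic stand-in for wall-clock latency, and constructs a dataset in which one class is systematically "easier" than the other. An attacker who profiles timings on inputs it knows then recovers the class of unseen inputs from timing alone; a constant-depth variant that always runs every stage (one possible mitigation assumed here, not the project's) removes the channel at the cost of the efficiency gain.

```python
"""Early-exit (adaptive) inference and the timing channel it opens.

Added illustration, not code from the project this page describes. The
"timing" observable is the number of stages executed, a deterministic proxy
for latency so the experiment is reproducible offline.
"""
import math
import random

# Constructed toy network: three cascaded stages of increasing capacity
# (modelled as a growing gain on one scalar feature). Each stage emits a
# class-1 probability; the network exits once the confidence margin
# |p - (1 - p)| reaches EXIT_CONFIDENCE, or after the last stage.
STAGE_GAINS = [1.0, 2.0, 4.0]
EXIT_CONFIDENCE = 0.8


def _stage_prob(x, gain):
    """Logistic class-1 probability produced by one stage."""
    return 1.0 / (1.0 + math.exp(-gain * x))


def adaptive_predict(x):
    """Early-exit inference: returns (label, stages_executed).

    stages_executed depends on x; that dependence is the side channel.
    """
    for depth, gain in enumerate(STAGE_GAINS, start=1):
        p = _stage_prob(x, gain)
        if abs(2.0 * p - 1.0) >= EXIT_CONFIDENCE or depth == len(STAGE_GAINS):
            return int(p >= 0.5), depth


def constant_depth_predict(x):
    """Assumed mitigation: always execute every stage and use the last one.

    Work no longer depends on x, so the stage count (latency) is constant.
    A variant that keeps the early answer but pads with the remaining
    stages' work looks the same to a timing observer.
    """
    for gain in STAGE_GAINS:
        p = _stage_prob(x, gain)
    return int(p >= 0.5), len(STAGE_GAINS)


def make_dataset(n_per_class, rng):
    """Constructed data: class 0 has a large margin (easy, exits early),
    class 1 a small margin (hard, goes deep). This correlation between
    difficulty and the secret is what turns exit depth into a leak."""
    data = [(rng.uniform(-4.0, -1.5), 0) for _ in range(n_per_class)]
    data += [(rng.uniform(0.3, 1.6), 1) for _ in range(n_per_class)]
    rng.shuffle(data)
    return data


def train_timing_attack(observations):
    """Profiling phase: learn the label most associated with each observed
    stage count from (stages_executed, true_label) pairs. Ties resolve to
    label 0 so the result is deterministic."""
    counts = {}
    for stages, label in observations:
        counts.setdefault(stages, [0, 0])[label] += 1
    return {s: (1 if c[1] > c[0] else 0) for s, c in counts.items()}


def attack_accuracy(model_fn, classifier, victims):
    """Attack phase: guess each victim's label from timing only."""
    hits = 0
    for x, label in victims:
        _, stages = model_fn(x)
        hits += classifier.get(stages, 0) == label
    return hits / len(victims)


def run_experiment(seed=0, n_per_class=500):
    """Attack accuracy against the adaptive and constant-depth models."""
    rng = random.Random(seed)
    profiling = make_dataset(n_per_class, rng)
    victims = make_dataset(n_per_class, rng)
    results = {}
    for name, model_fn in (("adaptive", adaptive_predict),
                           ("constant_depth", constant_depth_predict)):
        obs = [(model_fn(x)[1], label) for x, label in profiling]
        results[name] = attack_accuracy(model_fn, train_timing_attack(obs), victims)
    return results


if __name__ == "__main__":
    for name, acc in run_experiment().items():
        print(f"{name:15s} timing-attack accuracy = {acc:.2f}")
```

Both models return identical labels on this data, so the mitigation costs accuracy nothing here; what it gives up is the average-case compute saving, which is exactly the trade-off the abstract's monitoring framework is meant to track. A real measurement uses noisy wall-clock latency rather than a stage counter, and a constant-depth policy only closes the channel if no other input-dependent work (dynamic routing, data-dependent memory access) remains.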
Status: Active
Effective start/end date: 1/06/24 to 31/05/26

Funding

  • National Science Foundation
