Hermes Attack - Steal DNN Models in AI Privatization Deployment Scenarios
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a critical security vulnerability in AI privatization deployments through this Black Hat conference talk. Delve into the Hermes Attack, which exploits the PCIe bus connecting the host and GPU/AI-accelerator to fully reconstruct deep neural network (DNN) models. Learn about the attack's methodology, challenges, and implementation, including hardware package relationships, GPU command analysis, and semantic reconstruction techniques. Examine the evaluation results comparing different architectures, with a focus on VGG, and assess the attack's accuracy and performance. Gain insights into potential countermeasures and understand the implications for AI security in both Chinese and US markets.
Syllabus
Introduction
Motivations
Cost
Leak
Hermes Attack
Challenges
Attack Overview
Hardware
Package Relationships
Quick Facts
Out of Order Issues
GPU Command
Data Movement Command
Reverse Engineer
Split Command
Command Data Noise
Semantic Reconstruction
Offline Database Generation
Hyperparameter Reconstruction
No Directed Connections
Evaluation
Architecture Comparison
VGG Architecture
Accuracy Evaluation
Reconstruction Performance Evaluation
Countermeasures
Summary
Taught by
Black Hat