Hermes Attack - Steal DNN Models in AI Privatization Deployment Scenarios
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a critical security vulnerability in AI privatization deployments through this Black Hat conference talk. Delve into the Hermes Attack, which exploits the PCIe bus connecting the host and GPU/AI-accelerator to fully reconstruct deep neural network (DNN) models. Learn about the attack's methodology, challenges, and implementation, including hardware package relationships, GPU command analysis, and semantic reconstruction techniques. Examine the evaluation results comparing different architectures, with a focus on VGG, and assess the attack's accuracy and performance. Gain insights into potential countermeasures and understand the implications for AI security in both Chinese and US markets.
Syllabus
Introduction
Motivations
Cost
Leak
Hermes Attack
Challenges
Attack Overview
Hardware
Package Relationships
Quick Facts
Out of Order Issues
GPU Command
Data Movement Command
Reverse Engineer
Split Command
Command Data Noise
Semantic Reconstruction
Offline Database Generation
Hyperparameter Reconstruct
No Directed Connections
Evaluation
Architecture Comparison
VGG Architecture
Accuracy Evaluation
Reconstruction Performance Evaluation
Countermeasures
Summary
Taught by
Black Hat