Compilation as a Defense : Enhancing DL Model Attack Robustness via Tensor Optimization

Trawicki, Stefan and Hackett, William and Birch, Lewis and Suri, Neeraj and Garraghan, Peter (2023) Compilation as a Defense : Enhancing DL Model Attack Robustness via Tensor Optimization. In: Conference on Applied Machine Learning for Information Security, 2023-10-19 - 2023-10-20, Sands Capital Building, 1000 Wilson Boulevard, 30th Floor.

Archive (ffjkxhnxrfqkhzsqpffbjwtjkwrnsmdg)
ffjkxhnxrfqkhzsqpffbjwtjkwrnsmdg.zip - Accepted Version
Available under License Creative Commons Attribution-NonCommercial-ShareAlike.


Abstract

Adversarial Machine Learning (AML) is a rapidly growing field of security research, with an often overlooked area being model attacks through side-channels. Previous works show such attacks to be serious threats, though little progress has been made on efficient remediation strategies that avoid costly model re-engineering. This work demonstrates a new defense against AML side-channel attacks using model compilation techniques, namely tensor optimization. We show relative decreases in model attack effectiveness of up to 43% using tensor optimization, discuss the implications, and outline directions for future work.

Item Type:
Contribution to Conference (Paper)
Journal or Publication Title:
Conference on Applied Machine Learning for Information Security
Uncontrolled Keywords:
Research Output Funding/yes_externally_funded
Subjects:
yes - externally funded; artificial intelligence
ID Code:
205650
Deposited By:
Deposited On:
25 Oct 2023 13:25
Refereed?:
Yes
Published?:
Published
Last Modified:
14 Mar 2024 00:08