
Electronic data

    Accepted author manuscript, 159 KB, application/zip

    Available under license: CC BY-NC-SA: Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License


Compilation as a Defense: Enhancing DL Model Attack Robustness via Tensor Optimization

Research output: Contribution to conference, without ISBN/ISSN. Conference paper, peer-reviewed

Published
Publication date: 20/10/2023
Number of pages: 2
Original language: English
Event: Conference on Applied Machine Learning for Information Security - Sands Capital Building, 1000 Wilson Boulevard, 30th Floor, Arlington, United Kingdom
Duration: 19/10/2023 to 20/10/2023
https://www.camlis.org/

Conference

Conference: Conference on Applied Machine Learning for Information Security
Abbreviated title: CAMLIS
Country/Territory: United Kingdom
City: Arlington
Period: 19/10/23 to 20/10/23
Internet address: https://www.camlis.org/

Abstract

Adversarial Machine Learning (AML) is a rapidly growing field of security research, and model attacks through side-channels are an often overlooked area within it. Previous work shows such attacks to be serious threats, yet little progress has been made on efficient remediation strategies that avoid costly model re-engineering. This work demonstrates a new defense against AML side-channel attacks using model compilation techniques, namely tensor optimization. We show relative decreases in model attack effectiveness of up to 43% using tensor optimization, discuss the implications, and outline directions for future work.