[1] |
KURAKIN A , GOODFELLOW I J , BENGIO S ,et al. Adversarial examples in the physical world[J]. CoRR,abs/1607.02533, 2016.
|
[2] |
GOODFELLOW I J , SHLENS J , SZEGEDY C ,et al. Explaining and harnessing adversarial examples[C]// 3rd International Conference on Learning Representations(ICLR 2015). 2015.
|
[3] |
BIGGIO B , NELSON B , LASKOV P ,et al. Poisoning attacks against support vector machines[C]// Proceedings of the 29th International Conference on Machine Learning(ICML 2012). 2012.
|
[4] |
XIAO H , BIGGIO B , BROWN G ,et al. Is feature selection secure against training data poisoning?[J]. CoRR,abs /1804.07933, 2018.
|
[5] |
SHOKRI R , STRONATI M , SONG C Z ,et al. Membership inference attacks against machine learning models[C]// 2017 IEEE Symposium on Security and Privacy (SP 2017). 2017: 3-18.
|
[6] |
TRAM_ER F , ZHANG F , JUELS A ,et al. Stealing machine learning models via prediction apis[C]// 25th USENIX Security Symposium. 2016: 601-618.
|
[7] |
OH S J , AUGUSTIN M , FRITZ M ,et al. Towards reverse-engineering black-box neural networks[C]// 6th International Conference on Learning Representations(ICLR 2018). 2018.
|
[8] |
BATINA L , BHASIN S , JAP D ,et al. CSI NN:reverse engineering of neural network architectures through electromagnetic side channel[C]// 28th USENIX Security Symposium. 2019: 515-532.
|
[9] |
OREKONDY T , SCHIELE B , FRITZ M ,et al. Knockoff nets:stealing functionality of black-box models[C]// IEEE Conference on Computer Vision and Pattern Recognition(CVPR 2019). 2019: 4954-4963.
|
[10] |
HUA W , ZHANG Z R , SUH G E . Reverse engineering convolutional neural networks through side-channel information leaks[C]// Proceedings of the 55th Annual Design Automation Conference (DAC 2018). 2018: 41-46.
|
[11] |
WEI L X , LUO B , LI Y ,et al. I know what you see:Power side-channel attack on convolutional neural network accelerators[C]// Proceedings of the 34th Annual Computer Security Applications Conference. 2018: 393-406.
|
[12] |
HU X , LIANG L , DENG L ,et al. Neural network model extraction attacks in edge devices by hearing architectural hints[J]. CoRR,abs/1903.03916, 2019.
|
[13] |
HAN S , MAO H Z , DALLY W J . Deep compression:compressing deep neural networks with pruning,trained quantization and human coding[C]// ICLR 2016. 2016.
|
[14] |
JACOB B , KLIGYS S , CHEN B ,et al. Quantization and training of neural networks for efficient integer- arithmetic-only inference[C]// 2018 IEEE Conference on Computer Vision and Pattern Recognition(CVPR 2018). 2008: 2704-2713.
|
[15] |
RASTEGARI M , ORDONEZ V , REDMON J ,et al. Xnor-net:Imagenet classification using binary convolutional neural networks[J]. CoRR,abs/1603.05279, 2016.
|
[16] |
PATIL N , JOUPPI N P , YOUNG C ,et al. In-datacenter performance analysis of a tensor processing unit[C]// Proceedings of the 44th Annual International Symposium on Computer Architecture(ISCA 2017). 2017: 1-12.
|
[17] |
KOCHER P C , . Timing attacks on implementations of Diffie-Hellman,RSA,DSS,and other systems[C]// Advances in Cryptology | CRYPTO '96. 1996: 104-113.
|
[18] |
MANGARD S , . A simple power-analysis (spa) attack on implementations of the AES key expansion[C]// International Conference on Information Security and Cryptology(ICISC 2002). 2002: 343-358.
|
[19] |
KOCHER P , JAFFE J , JUN B . Differential power analysis[C]// Advances in Cryptology(CRYPTO' 99). 1999: 388-397.
|
[20] |
BRIER E , CLAVIER C , OLIVIER F . Correlation power analysis with a leakage model[C]// Cryptographic Hardware and Embedded Systems(CHES 2004). 2004: 16-29.
|
[21] |
KRIZHEVSKY A . One weird trick for parallelizing convolutional neural networks[J]. CoRR,abs/1404.5997, 2014.
|
[22] |
HE K , ZHANG X Y , REN S Q ,et al. Deep residual learning for image recognition[C]// 2016 IEEE Conference on Computer Vision and Pattern Recognition(CVPR 2016). 2016: 770-778.
|
[23] |
KRISHNAMOORTHI R . Quantizing deep convolutional networks for efficient inference:a whitepaper[M]. CoRR,abs/1806.08342, 2018.
|
[24] |
LIN D D , SACHIN S , TALATHI V ,et al. Fixed point quantization of deep convolutional networks[C]// Proceedings of the 33nd International Conference on Machine Learning(ICML 2016). 2016: 2849-258.
|