Presentation

Power-Based Side-Channel Attack on XGBoost Accelerator
Description
XGBoost (eXtreme Gradient Boosting), a widely used decision tree algorithm, plays a crucial role in applications such as ransomware and fraud detection. While its performance is well established, its security against model extraction on hardware platforms like Field Programmable Gate Arrays (FPGAs) has not been fully explored. In this paper, we demonstrate a significant vulnerability where sensitive model data can be leaked from an XGBoost implementation through side-channel attacks (SCAs). By analyzing variations in power consumption, we show how an attacker can infer node features within the XGBoost model, leading to the extraction of critical data. We conduct an experiment using the XGBoost accelerator FAXID on the Sakura-X platform, demonstrating a method to deduce model decisions by monitoring power consumption. The results show that on average 367k tests are sufficient to leak sensitive values. Our findings underscore the need for improved hardware and algorithmic protections to safeguard machine learning models from these types of attacks.
Event Type
Research Manuscript
Time
Wednesday, June 25, 10:30am - 10:45am PDT
Location
3002, Level 3
Topics
Security
Tracks
SEC1: AI/ML Security/Privacy