On Implementation-Level Security of Edge-Based Machine Learning Models

Abstract

In this chapter, we are considering the physical security of Machine Learning (ML) implementations on Edge Devices. We list the state-of-the-art known physical attacks, with the main attack objectives to reverse engineer and misclassify ML models. These attacks have been reported for different target platforms with the usage of both passive and active attacks. The presented works highlight the potential threat of stealing an intellectual property or confidential model trained with private data, and also the possibility to tamper with the device during the execution to cause misclassification. We also discus possible countermeasures to mitigate such attacks.