KAIST Graduate School of Information Security

2024.07.04(목) 세미나 - 홍상현
작성일2024-06-26
안녕하세요. 전기및전자공학부 김용대교수 연구실에서 오레곤 주립대 홍상현 교수님을 모시고 아래와 같이 세미나를 개최하고자 하오니 관심있는 분들의 많은 참석 부탁드립니다. o 일 시: 2024. 07. 04 (목), 4:30 - 6:00 pm o 주 제: "Great Haste Makes Great Waste: Exploiting and Attacking Efficient Deep Learning" o 연 사: 홍상현 교수 (Assistant Professor at Oregon State University) o 장 소: N5 2243호 ♣ Title: Great Haste Makes Great Waste: Exploiting and Attacking Efficient Deep Learning ♣ Abstract Recent increases in the computational demands of deep neural networks have sparked interest in efficient deep learning mechanisms, such as neural network quantization or input-adaptive multi-exit inferences. Those mechanisms provide significant computational savings while preserving a model's accuracy, making it practical to run commercial-scale models in resource-constrained settings. However, most methods focus on "hastiness"—i.e., how fast and efficiently they get correct predictions—and it overlooks the security vulnerability that can "waste" their practicality. In this talk, I will revisit efficient deep learning from a security perspective and introduce emerging research on exploiting and attacking them to achieve malicious objectives. First, I will show how an adversary can exploit neural network quantization to induce malicious behaviors. An adversary can manipulate a pre-trained model to behave maliciously upon quantization. Next, I will show how input-adaptive mechanisms, such as multi-exit models, fail to promise computational efficiency in adversarial settings. By adding human-imperceptible input perturbations, an attacker can completely offset the computational savings provided by these input-adaptive models. Finally, I will conclude my talk by encouraging the audience to examine efficient deep learning practices with an adversarial lens and discuss future research directions for building defense mechanisms. I believe that this is the best moment to listen to Benjamin's advice: "Take time for all the things." ♣ Bio Sanghyun Hong is an Assistant Professor of Computer Science at Oregon State University. He works on building trustworthy and socially responsible AI systems for the future. He is the recipient of the Google Faculty Research Award 2023, the Samsung Global Research (GRO) Award 2023, 2022 and was selected as a DARPA Riser 2022. He was also an invited speaker at USENIX Enigma 2021, where he talked about practical hardware attacks on deep learning. He earned his Ph.D. at the University of Maryland, College Park, under the guidance of Prof. Tudor Dumitras. He was also a recipient of the Ann G. Wylie Dissertation Fellowship. He received his B.S. at Seoul National University.

2024.07.04(목) 세미나 - 홍상현

작성일2024-06-26

안녕하세요. 전기및전자공학부 김용대교수 연구실에서 오레곤 주립대 홍상현 교수님을 모시고 아래와 같이 세미나를 개최하고자 하오니 관심있는 분들의 많은 참석 부탁드립니다.

o 일 시: 2024. 07. 04 (목), 4:30 - 6:00 pm
o 주 제: "Great Haste Makes Great Waste: Exploiting and Attacking Efficient Deep Learning"
o 연 사: 홍상현 교수 (Assistant Professor at Oregon State University)
o 장 소: N5 2243호

♣ Title: Great Haste Makes Great Waste: Exploiting and Attacking Efficient Deep Learning

♣ Abstract

Recent increases in the computational demands of deep neural networks have sparked interest in efficient deep learning mechanisms, such as neural network quantization or input-adaptive multi-exit inferences. Those mechanisms provide significant computational savings while preserving a model's accuracy, making it practical to run commercial-scale models in resource-constrained settings. However, most methods focus on "hastiness"—i.e., how fast and efficiently they get correct predictions—and it overlooks the security vulnerability that can "waste" their practicality.

In this talk, I will revisit efficient deep learning from a security perspective and introduce emerging research on exploiting and attacking them to achieve malicious objectives. First, I will show how an adversary can exploit neural network quantization to induce malicious behaviors. An adversary can manipulate a pre-trained model to behave maliciously upon quantization. Next, I will show how input-adaptive mechanisms, such as multi-exit models, fail to promise computational efficiency in adversarial settings. By adding human-imperceptible input perturbations, an attacker can completely offset the computational savings provided by these input-adaptive models. Finally, I will conclude my talk by encouraging the audience to examine efficient deep learning practices with an adversarial lens and discuss future research directions for building defense mechanisms. I believe that this is the best moment to listen to Benjamin's advice: "Take time for all the things."

♣ Bio

Sanghyun Hong is an Assistant Professor of Computer Science at Oregon State University. He works on building trustworthy and socially responsible AI systems for the future. He is the recipient of the Google Faculty Research Award 2023, the Samsung Global Research (GRO) Award 2023, 2022 and was selected as a DARPA Riser 2022. He was also an invited speaker at USENIX Enigma 2021, where he talked about practical hardware attacks on deep learning. He earned his Ph.D. at the University of Maryland, College Park, under the guidance of Prof. Tudor Dumitras. He was also a recipient of the Ann G. Wylie Dissertation Fellowship. He received his B.S. at Seoul National University.

목록으로