How to 0wn the NAS in Your Spare Time

Authors: Sanghyun Hong, Michael Davinroy, Yiğitcan Kaya, Dana Dachman-Soled, Tudor Dumitraş

ICLR 2020

| Reproducibility Variable | Result | LLM Response |
| --- | --- | --- |
| Research Type | Experimental | We demonstrate experimentally that we can reconstruct MalConv, a novel data pre-processing pipeline for malware detection, and ProxylessNAS-CPU, a novel network architecture for the ImageNet classification optimized to run on CPUs, without knowing the architecture family. In both cases, we achieve 0% error. |
| Researcher Affiliation | Academia | Sanghyun Hong, Michael Davinroy, Yiğitcan Kaya, Dana Dachman-Soled, Tudor Dumitras, University of Maryland, College Park shhong@cs.umd.edu, michael.davinroy@gmail.com, yigitcan@cs.umd.edu, danadach@ece.umd.edu, tdumitra@umiacs.umd.edu. This work was done when Michael Davinroy was a research intern at the Maryland Cybersecurity Center. |
| Pseudocode | Yes | Algorithm 1 Populate computational graphs. Figure 6: The algorithm for searching candidate computational graphs. We describe our algorithm to populate the candidate graphs of MalConv (left) and the sample candidates (right). |
| Open Source Code | No | No, the paper states they implemented their algorithm in PyTorch and TensorFlow but does not provide a link or explicit statement about releasing their source code for the described methodology. |
| Open Datasets | Yes | We demonstrate experimentally that we can reconstruct MalConv, a novel data pre-processing pipeline for malware detection, and ProxylessNAS-CPU, a novel network architecture for the ImageNet classification optimized to run on CPUs, without knowing the architecture family. We first reconstruct the MalConv (Raff et al., 2018), a novel data pre-processing pipeline... Also, we show that our attacker can reconstruct the novel ProxylessNAS (Cai et al., 2019) architecture that shows the improved accuracy on the ImageNet classification with the less computational cost on a CPU. |
| Dataset Splits | No | No, the paper does not provide specific training/validation/test dataset splits for its experiments. It focuses on reconstructing existing models, not training them with specific data splits. |
| Hardware Specification | Yes | We implement our attack on Ubuntu 18.04 running on a host machine equipped with the Intel E3-1245v6 3.7GHz processors (8 cores, 32GB memory and 8MB cache shared between cores). |
| Software Dependencies | Yes | We implement our attack on Ubuntu 18.04... We use Python v3.6 to implement the procedure. We use PyTorch v1.2.0 and Tensorflow v1.14.0. |
| Experiment Setup | Yes | For the convolutions, we consider input/output channels {1, 2, 4, 8, 16, 32, 128, 256}, kernels {1, 3, 5, 7, 11, 100, 200, 500, 1k, 10k}, and strides {1, 2, 5, 10, 100, 200, 500, 1k, 10k}. For the linear layers, we use input {4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048} and output dimensions {1, 10, 16, 20, 32, 40, 100, 128, 256, 512, 1k, 1024, 2048}. Since the attacker knows that in the search space that the victim uses, a maximum of nine computations are used to compose a block, we consider the window size from one to nine. |