HDLock: Exploiting Privileged Encoding to Protect Hyperdimensional Computing Models against IP Stealing
TimeWednesday, July 13th1:30pm - 1:53pm PDT
Location3006, Level 3
Hardware Security: Attack and Defense
DescriptionHyperdimensional Computing (HDC) is facing infringement issues due to simple structures. This work, for the first time, raises a critical vulnerability of HDC --- an attacker can reverse engineer the entire model, only requiring the unindexed hypervector memory. To mitigate this attack, we propose a defense strategy, namely HDLock, which significantly increases the reasoning cost of encoding. Specifically, HDLock adds extra feature hypervector combination and permutation in the encoding module. Compared to the standard HDC model, a two-layer-key HDLock can increase the adversarial reasoning complexity by 10 order of magnitudes without inference accuracy loss, with only 21% extra time overhead.