References
[1] “Artificial neural network,” [Online; accessed 19-June-2023]. [Online]. Available:
https://en.wikipedia.org/wiki/Artificial_neural_network
[2] X. Wang, M. Magno, L. Cavigelli, and L. Benini, “Fann-on-mcu: An open-source
toolkit for energy-efficient neural network inference at the edge of the internet of
things,” IEEE Internet of Things Journal, vol. 7, no. 5, pp. 4403–4417, 2020.
[3] R. David, J. Duke, A. Jain, V. J. Reddi, N. Jeffries, J. Li, N. Kreeger, I. Nappier,
M. Natraj, S. Regev, R. Rhodes, T. Wang, and P. Warden, “Tensorflow lite micro:
Embedded machine learning on tinyml systems,” 2021.
[4] C. Banbury, C. Zhou, I. Fedorov, R. Matas, U. Thakker, D. Gope, V. Janapa Reddi,
M. Mattina, and P. Whatmough, “Micronets: Neural network architectures for deploying tinyml applications on commodity microcontrollers,” Proceedings of machine learning and systems, vol. 3, pp. 517–532, 2021.
[5] X. Qi, J. Zhu, C. Xie, and Y. Yang, “Subnet replacement: Deployment-stage backdoor attack against deep neural networks in gray-box setting,” 2021.
[6] M. Rigaki and S. Garcia, “A survey of privacy attacks in machine learning,” 2021.
[7] R. Shokri, M. Stronati, C. Song, and V. Shmatikov, “Membership inference attacks
against machine learning models,” in 2017 IEEE Symposium on Security and Privacy
(SP), 2017, pp. 3–18.
[8] Z. Ji, Z. C. Lipton, and C. Elkan, “Differential privacy and machine learning: a
survey and review,” 2014. [Online]. Available: https://arxiv.org/abs/1412.7584
[9] J. Konečný, H. B. McMahan, F. X. Yu, P. Richtárik, A. T. Suresh, and D. Bacon,
“Federated learning: Strategies for improving communication efficiency,” 2016.
[Online]. Available: https://arxiv.org/abs/1610.05492
[10] P. Vepakomma, O. Gupta, T. Swedish, and R. Raskar, “Split learning for health:
Distributed deep learning without sharing raw patient data,” 2018. [Online].
Available: https://arxiv.org/abs/1812.00564
[11] “Trusted execution environment,” [Online; accessed 19-June-2023]. [Online].
Available: https://en.wikipedia.org/wiki/Trusted_execution_environment
[12] “Trustedfirmware-m (tf-m),” [Online; accessed 19-June-2023]. [Online]. Available:
https://www.trustedfirmware.org/projects/tf-m/
[13] “Microcontrollers (mcus),” [Online; accessed 19-June-2023]. [Online]. Available:
https://en.wikipedia.org/wiki/Microcontroller
[14] “Real time operating system (rtos),” [Online; accessed 19-June-2023]. [Online].
Available: https://www.freertos.org/about-RTOS.html
[15] “Trustzone® technology for armv8-m architecture,” [Online; accessed 19-June-2023]. [Online]. Available: https://developer.arm.com/documentation/100690/latest/
[16] S. Nissen et al., “Implementation of a fast artificial neural network library (fann),”
Report, Department of Computer Science University of Copenhagen (DIKU), vol. 31,
no. 29, p. 26, 2003.
[17] “Cmsis nn,” [Online; accessed 19-June-2023]. [Online]. Available:
https://github.com/ARM-software/CMSIS-NN
[18] M. Fredrikson, S. Jha, and T. Ristenpart, “Model inversion attacks that exploit
confidence information and basic countermeasures,” in Proceedings of the 22nd
ACM SIGSAC Conference on Computer and Communications Security, ser. CCS
’15. New York, NY, USA: Association for Computing Machinery, 2015, p. 1322–1333.
[Online]. Available: https://doi.org/10.1145/2810103.2813677
[19] J. Yosinski, J. Clune, Y. Bengio, and H. Lipson, “How transferable are features in
deep neural networks?” 2014.
[20] R. Shokri, M. Stronati, C. Song, and V. Shmatikov, “Membership inference attacks
against machine learning models,” 2017.
[21] M. Nasr, R. Shokri, and A. Houmansadr, “Comprehensive privacy analysis of
deep learning: Passive and active white-box inference attacks against centralized
and federated learning,” in 2019 IEEE Symposium on Security and Privacy (SP).
IEEE, May 2019. [Online]. Available: https://doi.org/10.1109/sp.2019.00065
[22] F. Mo, A. S. Shamsabadi, K. Katevas, S. Demetriou, I. Leontiadis, A. Cavallaro, and
H. Haddadi, “Darknetz: Towards model privacy at the edge using trusted execution
environments,” in Proceedings of the 18th International Conference on Mobile
Systems, Applications, and Services, ser. MobiSys ’20. New York, NY, USA:
Association for Computing Machinery, 2020, p. 161–174. [Online]. Available:
https://doi.org/10.1145/3386901.3388946
[23] M. F. Babar and M. Hasan, “Trusted deep neural execution—a survey,” IEEE Access,
vol. 11, pp. 45 736–45 748, 2023.
[24] T. Lee, Z. Lin, S. Pushp, C. Li, Y. Liu, Y. Lee, F. Xu, C. Xu, L. Zhang, and J. Song,
“Occlumency: Privacy-preserving remote deep-learning inference using sgx,” in
The 25th Annual International Conference on Mobile Computing and Networking,
ser. MobiCom ’19. New York, NY, USA: Association for Computing Machinery,
2019. [Online]. Available: https://doi.org/10.1145/3300061.3345447
[25] “Caffe: A deep learning framework.” [Online; accessed 19-June-2023]. [Online].
Available: https://caffe.berkeleyvision.org/
[26] “Software guard extensions (sgx),” [Online; accessed 19-June-2023]. [Online].
Available: https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html
[27] K. Grover, S. Tople, S. Shinde, R. Bhagwan, and R. Ramjee, “Privado: Practical and
secure dnn inference with enclaves,” arXiv preprint arXiv:1810.00602, 2018.
[28] “Tensorflow: An end-to-end open source platform for machine learning.” [Online;
accessed 19-June-2023]. [Online]. Available: https://www.tensorflow.org/
[29] “Pytorch is an optimized tensor library for deep learning using gpus and cpus.”
[Online; accessed 19-June-2023]. [Online]. Available: https://pytorch.org/
[30] J. Redmon, S. Divvala, R. Girshick, and A. Farhadi, “You only look once: Unified,
real-time object detection,” 2016.
[31] “Op-tee is a trusted execution environment (tee) designed as companion to
a non-secure linux kernel running on arm.” [Online; accessed 19-June-2023].
[Online]. Available: https://optee.readthedocs.io/en/latest/general/about.html
[32] M. S. Islam, M. Zamani, C. H. Kim, L. Khan, and K. W. Hamlen, “Confidential
execution of deep learning inference at the untrusted edge with arm trustzone,”
in Proceedings of the Thirteenth ACM Conference on Data and Application
Security and Privacy, ser. CODASPY ’23. New York, NY, USA: Association
for Computing Machinery, 2023, p. 153–164. [Online]. Available:
https://doi.org/10.1145/3577923.3583648
[33] “Spm backends,” [Online; accessed 19-June-2023]. [Online]. Available: https://tfm-user-guide.trustedfirmware.org/integration_guide/spm_backends.html
[34] “Pretty good privacy,” [Online; accessed 13-July-2023]. [Online]. Available:
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
[35] D. McGrew and J. Viega, “The galois/counter mode of operation (gcm),” submission
to NIST Modes of Operation Process, vol. 20, pp. 0278–0070, 2004.
[36] “PSA Crypto API,” [Online; accessed 13-July-2023]. [Online]. Available:
https://armmbed.github.io/mbed-crypto/html/
[37] “Psa certified: Iot security framework and certification,” [Online; accessed
13-July-2023]. [Online]. Available: https://www.PSAcertified.org/
[38] “Zephyr project,” [Online; accessed 13-July-2023]. [Online]. Available:
https://zephyrproject.org/
[39] S. B. Šegota, N. Anđelić, V. Mrzljak, I. Lorencin, I. Kuric, and Z. Car, “Utilization of
multilayer perceptron for determining the inverse kinematics of an industrial robotic
manipulator,” International Journal of Advanced Robotic Systems, vol. 18, no. 4, p.
1729881420925283, 2021.