Yicheng(亦成) Zhang

I am a P.h.D student at the Department of Electrical & Computer Engineering at UC Riverside, where I am fortunately advised by Prof. Nael Abu-Ghazaleh. My interest lies in Architecture Support For Security, GPU Security and Machine Learning Security. I received my M.Sc. in Computer Engineering from UC Irvine, and my B.S. in Electrical Engineering and Automation from Sichuan University.

Email /  CV  /  Scholar  /  LinkedIn

Recent News

– July 2021: Received student travel grant from [Security’21].

– July 2021: One paper accepted by [IEEE TIFS].

– May 2021: Received student travel grant from [S&P’21].

– February 2021: One poster accepted by [FPGA'21].

– June 2020: One paper accepted by [DSN' 20].

Education
Ph.D. in Electrical Engineering 2021-2025
University of California, Riverside | Riverside, California
M.Sc. in Computer Engineering 2018-2021
University of California, Irvine | Irvine, California
B.S. in Electrical Engineering and Automation 2014-2018
Sichuan University | Chengdu, Sichuan
Publications
blind-date

Stealing Neural Network Structure through Remote FPGA Side-channel Analysis
Yicheng Zhang, Rozhin Yasaei, Hao Chen, Zhou Li, Mohammad Abdullah Al Faruque
Accepted by IEEE Transactions on Information Forensics and Security (TIFS), August, 2021.
PDF / Poster / BibTex

We explore whether the structural secret (layers and hyper-parameters) of a victim DNN model can be inferred by a remote attacker who shares the same FPGA board. We show by implementing on-chip RO-based power monitors, the power consumption of the victim DNN can be sampled at high resolution, which guarantees all layers and hyper-parameters can be reconstructed at high accuracy.

blind-date

Leaky DNN: Stealing Deep-Learning Model Secret with GPU Context-Switching Side-Channel
Junyi Wei*, Yicheng Zhang*, Zhe Zhou, Zhou Li, Mohammad Abdullah Al Faruque
*Junyi Wei and Yicheng Zhang are both first author.
Accepted by Proceedings of the 50th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Valencia, Spain, June, 2020.
(48/291=16.5% acceptance rate) 
PDF / Video / BibTex

We exploit the GPU side-channel based on context-switching penalties. This side-channel allows us to extract the fine-grained structural secret of a DNN model, including its layer composition and hyper-parameters. Leveraging this side-channel, we developed an attack prototype named MosConS, which applies LSTM-based inference models to identify the structural secret.

Honors and Awards
Student Travel Grant | 30th USENIX Security Symposium 2021
Student Travel Grant | 42nd IEEE Symposium on Security and Privacy 2021
Dean's Distinguished Fellowship Award | UC Riverside 2021
Sichuan University Scholarship | Sichuan University 2014-2018
Outstanding Students Leader | Sichuan University 2016
Teaching
teaching

While at UC Irvine, I was a teaching assistant for the following courses:

Continuous-Time Signals and Systems
TA for EECS150 - Winter 2020

Sytem Software
TA for EECS111 - Spring 2020

Object Oriented System Programming
TA for EECS40 - Fall 2020

Next Generation Search Systems
TA for CS125 - Winter 2021

Organization of Digital Computers
TA for EECS112 - Spring 2021

About me
teaching

In my free time, I love to ride road bikes. In the summer of 2018, I cycled around Taiwan Province with my friends. I was a member of University of California Irvine Cycling Club and was the leader of Sichuan University Cycling Club.

Also, I like to capture the beautiful moments of our life stories with my wife, Jinrun.

Subscribe our channel and watch our Vlog! (๑•̀ㅂ•́)و✧

A road to be a good researcher in computer architecture & security.

Awesome webpage from Jon Barron.