Exploiting Power Side-Channel Vulnerabilities in XGBoost Accelerator
XGBoost (eXtreme Gradient Boosting), a widely used decision tree algorithm, plays a crucial role in applications such as ransomware and fraud detection. While its performance is well-established, its security against model extraction on hardware platforms like Field Programmable Gate Arrays (FPGAs) h...
| Published in: | 2025 62nd ACM/IEEE Design Automation Conference (DAC) pp. 1 - 7 |
|---|---|
| Main Authors: | Xiao, Yimeng; Gajjar, Archit; Aysu, Aydin; Franzon, Paul |
| Format: | Conference Proceeding |
| Language: | English |
| Published: | IEEE, 22.06.2025 |
| Abstract | XGBoost (eXtreme Gradient Boosting), a widely used decision tree algorithm, plays a crucial role in applications such as ransomware and fraud detection. While its performance is well-established, its security against model extraction on hardware platforms like Field Programmable Gate Arrays (FPGAs) has not been fully explored. In this paper, we demonstrate a significant vulnerability where sensitive model data can be leaked from an XGBoost implementation through side-channel attacks (SCAs). By analyzing variations in power consumption, we show how an attacker can infer node features within the XGBoost model, leading to the extraction of critical data. We conduct an experiment using the XGBoost accelerator FAXID on the Sakura-X platform, demonstrating a method to deduce model decisions by monitoring power consumptions. The results show that on average 367k tests are sufficient to leak sensitive values. Our findings underscore the need for improved hardware and algorithmic protections to safeguard machine learning models from these types of attacks. |
|---|---|
| Author | Gajjar, Archit; Aysu, Aydin; Franzon, Paul; Xiao, Yimeng |
| Author affiliations | 1. Xiao, Yimeng (yxiao32@ncsu.edu); 2. Gajjar, Archit (amgajjar@ncsu.edu); 3. Aysu, Aydin (aaysu@ncsu.edu); 4. Franzon, Paul (paulf@ncsu.edu). All authors: North Carolina State University, Dept. Electrical and Computer Engineering, Raleigh, NC, USA |
| ContentType | Conference Proceeding |
| DOI | 10.1109/DAC63849.2025.11133048 |
| EISBN | 9798331503048 |
| EndPage | 7 |
| Genre | orig-research |
| GrantInformation | National Science Foundation (funder ID: 10.13039/100000001) |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| PageCount | 7 |
| PublicationDate | 2025-June-22 |
| PublicationTitle | 2025 62nd ACM/IEEE Design Automation Conference (DAC) |
| PublicationTitleAbbrev | DAC |
| PublicationYear | 2025 |
| Publisher | IEEE |
| StartPage | 1 |
| SubjectTerms | Data models; Decision trees; Feature extraction; Field programmable gate arrays; FPGAs; hardware security; HLS; Machine learning algorithms; Monitoring; Power demand; Protection; Ransomware; side-channel attack; Side-channel attacks; XGBoost |
| Title | Exploiting Power Side-Channel Vulnerabilities in XGBoost Accelerator |
| URI | https://ieeexplore.ieee.org/document/11133048 |