Memory Trojan Attack on Neural Network Accelerators

Zhao, Yang; Hu, Xing; Li, Shuangchen; Ye, Jing; Deng, Lei; Ji, Yu; Xu, Jinhong; Wu, Dong; Xie, Yuan

doi:10.23919/date.2019.8715027

Cited by 35 publications

(38 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…HTs pose a real threat for outsourced DNN IC design, fabrication or testing activity or the use of 3PIPs within DNN hardware. Successfully embedded stealthy trigger and payload into the activation layer [97] or memory controller [98] can cause misclassification. Fortunately, hardware attacks on edge deep learning applications have so far been constrained to DNN hardware on small scale (10 categories) classification [92], [94] or are based on simulated instead of physically induced faults [96], [98] on larger network such as Ima-geNet [99] (1000 categories) classification.…”

Section: ) Trojans Insertion Throughmentioning

confidence: 99%

“…Successfully embedded stealthy trigger and payload into the activation layer [97] or memory controller [98] can cause misclassification. Fortunately, hardware attacks on edge deep learning applications have so far been constrained to DNN hardware on small scale (10 categories) classification [92], [94] or are based on simulated instead of physically induced faults [96], [98] on larger network such as Ima-geNet [99] (1000 categories) classification. One exception is the most recently reported stealthy misclassification attack on deep learning accelerator for ImageNet applications in [100].…”

Section: ) Trojans Insertion Throughmentioning

confidence: 99%

See 1 more Smart Citation

An Overview of Hardware Security and Trust: Threats, Countermeasures, and Design Tools

Chang

Sengupta

et al. 2021

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

show abstract

Section: ) Trojans Insertion Throughmentioning

confidence: 99%

Section: ) Trojans Insertion Throughmentioning

confidence: 99%

An Overview of Hardware Security and Trust: Threats, Countermeasures, and Design Tools

Chang

Sengupta

et al. 2021

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

show abstract

“…By inserting the payload circuits into the activation function, especially the ReLU function, the operation of the neurons can be controlled by a selected trigger key [19]. Embedding Trojan payload in the memory controller can cause zeroing of internal features by identifying the image sequence through the memory traffic [148]. The main limitation of Trojan attacks is that the payload circuit can only be covertly implanted during the hardware development phase, usually through rogue insiders, untrusted foundries, or malicious third-party IP integration.…”

Section: B Hardware-based Attacks On Deployed ML Modelmentioning

confidence: 99%

Two Sides of the Same Coin: Boons and Banes of Machine Learning in Hardware Security

Liu

Chang

Wang

et al. 2021

IEEE J. Emerg. Sel. Topics Circuits Syst.

View full text Add to dashboard Cite

The last decade has witnessed remarkable research advances at the intersection of machine learning (ML) and hardware security. The confluence of the two technologies has created many interesting and unique opportunities, but also left some issues in their wake. ML schemes have been extensively used to enhance the security and trust of embedded systems like hardware Trojans and malware detection. On the other hand, ML-based approaches have also been adopted by adversaries to assist side-channel attacks, reverse engineer integrated circuits and break hardware security primitives like Physically Unclonable Functions (PUFs). Deep learning is a subfield of ML. It can continuously learn from a large amount of labeled data with a layered structure. Despite the impressive outcomes demonstrated by deep learning in many application scenarios, the dark side of it has not been fully exposed yet. The inability to fully understand and explain what has been done within the super-intelligence can turn an inherently benevolent system into malevolent. Recent research has revealed that the outputs of Deep Neural Networks (DNNs) can be easily corrupted by imperceptibly small input perturbations. As computations are brought nearer to the source of data creation, the attack surface of DNN has also been extended from the input data to the edge devices. Accordingly, due to the opportunities of MLassisted security and the vulnerabilities of ML implementation, in this paper, we will survey the applications, vulnerabilities and fortification of ML from the perspective of hardware security. We will discuss the possible future research directions, and thereby, sharing a roadmap for the hardware security community in general.

show abstract

“…Hardware trojans [63][64] [65][66] [67] are malicious components implanted into the system hardware, which compromise the security of a ML system. Hardware trojans can introduce undesired system behavior, or be dormant in the normal system operation and be triggered at a specific instance.…”

Section: Hardware Attacksmentioning

confidence: 99%

Robust Machine Learning Systems: Challenges,Current Trends, Perspectives, and the Road Ahead

et al. 2020

View full text Add to dashboard Cite

Machine Learning (ML) techniques have been rapidly adopted by smart Cyber-Physical Systems (CPS) and Internet-of-Things (IoT) due to their powerful decision-making capabilities. However, they are vulnerable to various security and reliability threats, at both hardware and software levels, that compromise their accuracy. These threats get aggravated in emerging edge ML devices that have stringent constraints in terms of resources (e.g., compute, memory, power/energy), and that therefore cannot employ costly security and reliability measures. Security, reliability, and vulnerability mitigation techniques span from network security measures to hardware protection, with an increased interest towards formal verification of trained ML models.This paper summarizes the prominent vulnerabilities of modern ML systems, highlights successful defenses and mitigation techniques against these vulnerabilities, both at the cloud (i.e., during the ML training phase) and edge (i.e., during the ML inference stage), discusses the implications of a resourceconstrained design on the reliability and security of the system, identifies verification methodologies to ensure correct system behavior, and describes open research challenges for building secure and reliable ML systems at both the edge and the cloud.

show abstract

Memory Trojan Attack on Neural Network Accelerators

Cited by 35 publications

References 10 publications

An Overview of Hardware Security and Trust: Threats, Countermeasures, and Design Tools

An Overview of Hardware Security and Trust: Threats, Countermeasures, and Design Tools

Two Sides of the Same Coin: Boons and Banes of Machine Learning in Hardware Security

Robust Machine Learning Systems: Challenges,Current Trends, Perspectives, and the Road Ahead

Contact Info

Product

Resources

About