Novel Hardware Trojan Attack on Activation Parameters of FPGA-Based DNN Accelerators

Mukherjee, Rijoy; Chakraborty, Rajat Subhra

doi:10.1109/les.2022.3159541

Cited by 11 publications

(7 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Trojan incurred minimal hardware overhead and negligible power consumption, with average hardware overhead of 0.5% and 0.2% and power consumption of 0.622% and 0.187% in SIMD and NVDLA accelerators, respectively [ 26 ]. Novel hardware Trojan attacks specifically targeting DNN hardware accelerators implemented on FPGA were introduced [ 27 ]. These hardware Trojans aim to modify the activation parameters of the DNN within the accelerator.…”

Section: Related Work and Motivationmentioning

confidence: 99%

“…Moreover, security threats associated with CNN accelerators have extended into the hardware domain. Prior works have introduced various hardware attack methods, including reverse engineering [ 20 ] and hardware Trojans [ 21 , 22 , 23 , 24 , 25 , 26 , 27 ]. Among these threats, hardware Trojan attacks are considered a major security concern [ 28 , 29 , 30 ].…”

Section: Introductionmentioning

confidence: 99%

“…In the current landscape, several hardware Trojans have been specifically designed to target CNN accelerators [ 21 , 22 , 23 , 24 , 25 , 26 , 27 ]. These attacks primarily focus on the process elements (PEs) [ 21 , 22 ], memory [ 23 , 24 ], prediction results [ 25 ], bias buffer [ 26 ], and activation parameters [ 27 ], but they often overlook the reconfigurable interconnection network, which is another vital component. As depicted in Figure 1 , a typical reconfigurable accelerator consists of a PE array that can be dynamically configured to perform convolution operations in different computation modes.…”

Section: Introductionmentioning

confidence: 99%

“…Therefore, attacks through hardware Trojans pose significant challenges for FPGA-based CNN accelerators and have the potential to cause severe damage to AI systems. In the current landscape, several hardware Trojans have been specifically designed to target CNN accelerators [21][22][23][24][25][26][27]. These attacks primarily focus on the process elements (PEs) [21,22], memory [23,24], prediction results [25], bias buffer [26], and activation parameters [27], but they often overlook the reconfigurable interconnection network, which is another vital component.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Hardware Trojan Attacks on the Reconfigurable Interconnections of Field-Programmable Gate Array-Based Convolutional Neural Network Accelerators and a Physically Unclonable Function-Based Countermeasure Detection Technique

Hou,

Liu,

Yang

et al. 2024

Micromachines

View full text Add to dashboard Cite

Convolutional neural networks (CNNs) have demonstrated significant superiority in modern artificial intelligence (AI) applications. To accelerate the inference process of CNNs, reconfigurable CNN accelerators that support diverse networks are widely employed for AI systems. Given the ubiquitous deployment of these AI systems, there is a growing concern regarding the security of CNN accelerators and the potential attacks they may face, including hardware Trojans. This paper proposes a hardware Trojan designed to attack a crucial component of FPGA-based CNN accelerators: the reconfigurable interconnection network. Specifically, the hardware Trojan alters the data paths during activation, resulting in incorrect connections in the arithmetic circuit and consequently causing erroneous convolutional computations. To address this issue, the paper introduces a novel detection technique based on physically unclonable functions (PUFs) to safeguard the reconfigurable interconnection network against hardware Trojan attacks. Experimental results demonstrate that by incorporating a mere 0.27% hardware overhead to the accelerator, the proposed hardware Trojan can degrade the inference accuracy of popular neural network architectures, including LeNet, AlexNet, and VGG, by a significant range of 8.93% to 86.20%. The implemented arbiter-PUF circuit on a Xilinx Zynq XC7Z100 platform successfully detects the presence and location of hardware Trojans in a reconfigurable interconnection network. This research highlights the vulnerability of reconfigurable CNN accelerators to hardware Trojan attacks and proposes a promising detection technique to mitigate potential security risks. The findings underscore the importance of addressing hardware security concerns in the design and deployment of AI systems utilizing FPGA-based CNN accelerators.

show abstract

Section: Related Work and Motivationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Hardware Trojan Attacks on the Reconfigurable Interconnections of Field-Programmable Gate Array-Based Convolutional Neural Network Accelerators and a Physically Unclonable Function-Based Countermeasure Detection Technique

Hou,

Liu,

Yang

et al. 2024

Micromachines

View full text Add to dashboard Cite

show abstract

“…These deceptive programs are often concealed within seemingly innocuous email attachments or free downloads. Upon opening such attachments or initiating downloads, the embedded malware is introduced to the user's device, enabling the malicious code to execute the attacker's intended actions [7]- [9]. Incidents involving Trojan Horse attacks have emerged as significant cybersecurity risks, inflicting financial losses, and operational disruptions on individuals and businesses.…”

Section: Introductionmentioning

confidence: 99%

Using decision tree classifier to detect Trojan Horse based on memory data

Abualhaj,

Al-Khatib

2024

TELKOMNIKA

View full text Add to dashboard Cite

Trojan Horse is a major threat that has grown with the spread of the digital world. Data gathered through the study of memory can provide valuable insights into the Trojan Horse's behavior patterns. Because of this, memory analysis techniques are one of the topics that should be investigated in Trojan Horse detection. This study proposes the use of memory data in Trojan Horse detection. Trojan Horse detection used a decision tree (DT) classifier with memory data. Experiments were performed on the Trojan Horse samples from the CIC-MalMem-2022 dataset. The binary classification was made using DT, gradient boosted tree, Naive Bayes (NB), linear vector support machine, K-nearest neighbors (KNN), and machine learning (ML) classifiers. The comparison of the various classification methods was performed utilizing the accuracy, recall, precision, and F1score metrics. As a result, the most successful Trojan Horse detection was gained with the DT classifier, which achieved accuracy of 99.96% using memory data. The NB classifier showed the lowest achievement in Trojan Horse detection using memory data, which achieved accuracy of 98.41%. In addition, numerous of the classifiers utilized have attained very high results. Based on the achieved results, the data from memory analysis is very valuable in detecting Trojan Horse.

show abstract