Stealthy and Robust Glitch Injection Attack on Deep Learning Accelerator for Target With Variational Viewpoint

Liu, Wenye; Chang, Chip-Hong; Zhang, Fan

doi:10.1109/tifs.2020.3046858

Cited by 6 publications

(11 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The LGA achieved 55.1% ∼ 71.7% attack success rates with only two glitches injected into ten thousand to a million clock cycles of one inference. The attack success rates of the more robust SLA on all the four evaluated models were higher than 96% in any tested combinations of object-scene variational conditions [23].…”

Section: B Hardware-based Attacks On Deployed ML Modelmentioning

confidence: 81%

“…Dedicated mathematical functions developed for complicated processors like CPU and GPU are too expensive to be implemented on the embedded processor of these small devices. Thus, lightweight computation kernels, e.g., ARM Cortex Microcontroller Software Interface Standard for Neural Network (CMSIS-NN) [56] [23] (UPK), to the ARM v7M instruction set architecture, the computation performance and energy efficiency can be further improved.…”

Section: Hardware Platforms For MLmentioning

confidence: 99%

“…What make these adversarial attacks impractical are that they require a decent number of pristine samples of a target to be drawn from different realistic scenarios for generating a physical adversarial example and the generated adversarial example either has a large perturbation area or nonobjective shape [162]. Recently, the clock glitch injection technique [22] was extended to achieve stealthy and robust misclassification for target with variational viewpoints by deriving the attack patterns from only one sample of the target object in a fixed scene [23]. Two attack modes, namely Least Glitch Attack (LGA) and Sensitive Layer Attack (SLA), were derived.…”

Section: B Hardware-based Attacks On Deployed ML Modelmentioning

confidence: 99%

“…Remote attacks can degrade the ML's prediction accuracy on a powerful server through malicious manipulation of model parameters stored in the off-chip memory [20]. On the edge computing platforms, laser beam interference [21] and glitch injections [22] [23] have been exploited to tamper the internal processing of a ML model, resulting in a successful misclassification of the target input. Other vicious goals such as stealing or reverse engineering the trained model architecture/weights and training data are often achieved through side-channel attacks or a combination of side-channel and fault injection attacks.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Two Sides of the Same Coin: Boons and Banes of Machine Learning in Hardware Security

Liu

Chang

Wang

et al. 2021

IEEE J. Emerg. Sel. Topics Circuits Syst.

Self Cite

View full text Add to dashboard Cite

The last decade has witnessed remarkable research advances at the intersection of machine learning (ML) and hardware security. The confluence of the two technologies has created many interesting and unique opportunities, but also left some issues in their wake. ML schemes have been extensively used to enhance the security and trust of embedded systems like hardware Trojans and malware detection. On the other hand, ML-based approaches have also been adopted by adversaries to assist side-channel attacks, reverse engineer integrated circuits and break hardware security primitives like Physically Unclonable Functions (PUFs). Deep learning is a subfield of ML. It can continuously learn from a large amount of labeled data with a layered structure. Despite the impressive outcomes demonstrated by deep learning in many application scenarios, the dark side of it has not been fully exposed yet. The inability to fully understand and explain what has been done within the super-intelligence can turn an inherently benevolent system into malevolent. Recent research has revealed that the outputs of Deep Neural Networks (DNNs) can be easily corrupted by imperceptibly small input perturbations. As computations are brought nearer to the source of data creation, the attack surface of DNN has also been extended from the input data to the edge devices. Accordingly, due to the opportunities of MLassisted security and the vulnerabilities of ML implementation, in this paper, we will survey the applications, vulnerabilities and fortification of ML from the perspective of hardware security. We will discuss the possible future research directions, and thereby, sharing a roadmap for the hardware security community in general.

show abstract

Section: B Hardware-based Attacks On Deployed ML Modelmentioning

confidence: 81%

Section: Hardware Platforms For MLmentioning

confidence: 99%

Section: B Hardware-based Attacks On Deployed ML Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Two Sides of the Same Coin: Boons and Banes of Machine Learning in Hardware Security

Liu

Chang

Wang

et al. 2021

IEEE J. Emerg. Sel. Topics Circuits Syst.

Self Cite

View full text Add to dashboard Cite

show abstract

“…This is because the 8-bit fixed width multiply-accumulate (MAC) operators have filtered out most visually imperceptible perturbations in the lower order bits of the 32-bit input data. However, such built-in error resiliency is insufficient to combat malicious hardware-oriented attacks like faults injected into the weight parameters [24,31] and the MAC units [22,23]. Recent work [23] show that maliciously injecting faults into the datapaths of real-world DNN accelerators can produce incorrect inference on the target victim.…”

Section: Introductionmentioning

confidence: 99%

A Forward Error Compensation Approach for Fault Resilient Deep Neural Network Accelerator Design

Liu

Chang

2021

Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security

Self Cite

View full text Add to dashboard Cite

Deep learning accelerator is a key enabler of a variety of safetycritical applications such as self-driving car and video surveillance. However, recently reported hardware-oriented attack vectors, e.g., fault injection attacks, have extended the threats on deployed deep neural network (DNN) systems beyond the software attack boundary by input data perturbation. Existing fault mitigation schemes including data masking, zeroing-on-error and circuit level timeborrowing techniques exploit the noise-tolerance of neural network models to resist random and sparse errors. Such noise tolerantbased schemes are not sufficiently effective to suppress intensive transient errors if a DNN accelerator is blasted with malicious and deliberate faults. In this paper, we conduct comprehensive investigations on reported resilient designs and propose a more robust countermeasure to fault injection attacks. The proposed design utilizes shadow flip flops for error detection and lightweight circuit for timely error correction. Our forward error compensation scheme rectifies the incorrect partial sum of the multiply-accumulation operation by estimating the difference between the correct and error-inflicted computation. The difference is added back to the final accumulated result at a later cycle without stalling the execution pipeline. We implemented our proposed design and the existing fault-mitigation schemes on the same Intel FPGA-based DNN accelerator to demonstrate its substantially enhanced resiliency against deliberate fault attacks on two popular DNN models, ResNet50 and VGG16, trained with ImageNet. CCS CONCEPTS• Security and privacy → Hardware attacks and countermeasures; • Hardware → Hardware accelerators.

show abstract

Artificial Neural Networks and Fault Injection Attacks

Tajik

Ganji

2022

Security and Artificial Intelligence

View full text Add to dashboard Cite

Stealthy and Robust Glitch Injection Attack on Deep Learning Accelerator for Target With Variational Viewpoint

Cited by 6 publications

References 39 publications

Two Sides of the Same Coin: Boons and Banes of Machine Learning in Hardware Security

Two Sides of the Same Coin: Boons and Banes of Machine Learning in Hardware Security

A Forward Error Compensation Approach for Fault Resilient Deep Neural Network Accelerator Design

Artificial Neural Networks and Fault Injection Attacks

Contact Info

Product

Resources

About