FeSHI: Feature Map Based Stealthy Hardware Intrinsic Attack
- URL: http://arxiv.org/abs/2106.06895v1
- Date: Sun, 13 Jun 2021 01:50:34 GMT
- Title: FeSHI: Feature Map Based Stealthy Hardware Intrinsic Attack
- Authors: Tolulope Odetola, Faiq Khalid, Travis Sandefur, Hawzhin Mohammed and
Syed Rafay Hasan
- Abstract summary: Convolutional Neural Networks (CNN) have shown impressive performance in computer vision, natural language processing, and many other applications.
The use of cloud computing for CNNs is becoming more popular.
This comes with privacy and latency concerns that have motivated the designers to develop embedded hardware accelerators for CNNs.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Convolutional Neural Networks (CNN) have shown impressive performance in
computer vision, natural language processing, and many other applications, but
they exhibit high computations and substantial memory requirements. To address
these limitations, especially in resource-constrained devices, the use of cloud
computing for CNNs is becoming more popular. This comes with privacy and
latency concerns that have motivated the designers to develop embedded hardware
accelerators for CNNs. However, designing a specialized accelerator increases
the time-to-market and cost of production. Therefore, to reduce the
time-to-market and access to state-of-the-art techniques, CNN hardware mapping
and deployment on embedded accelerators are often outsourced to untrusted third
parties, which is going to be more prevalent in futuristic artificial
intelligence of things (AIoT) systems. These AIoT systems anticipate horizontal
collaboration among different resource-constrained AIoT node devices, where CNN
layers are partitioned and these devices collaboratively compute complex CNN
tasks. Therefore, there is a dire need to explore this attack surface for
designing secure embedded hardware accelerators for CNNs. Towards this goal, in
this paper, we exploited this attack surface to propose an HT-based attack
called FeSHI. This attack exploits the statistical distribution, i.e., Gaussian
distribution, of the layer-by-layer feature maps of the CNN to design two
triggers for stealthy HT with a very low probability of triggering. To
illustrate the effectiveness of the proposed attack, we deployed the LeNet and
LeNet-3D on PYNQ to classify the MNIST and CIFAR-10 datasets, respectively, and
tested FeSHI. The experimental results show that FeSHI utilizes up to 2% extra
LUTs, and the overall resource overhead is less than 1% compared to the
original designs.
Related papers
- Efficient Intrusion Detection: Combining $χ^2$ Feature Selection with CNN-BiLSTM on the UNSW-NB15 Dataset [2.239394800147746]
Intrusion Detection Systems (IDSs) have played a significant role in the detection and prevention of cyber-attacks in traditional computing systems.
The limited computational resources available on Internet of Things (IoT) devices pose a challenge for deploying conventional computing-based IDSs.
We present an effective IDS model that addresses this issue by combining a lightweight Convolutional Neural Network (CNN) with bidirectional Long Short-Term Memory (BiLSTM)
arXiv Detail & Related papers (2024-07-20T17:41:16Z)
- OA-CNNs: Omni-Adaptive Sparse CNNs for 3D Semantic Segmentation [70.17681136234202]
We reexamine the design distinctions and test the limits of what a sparse CNN can achieve.
We propose two key components, i.e., adaptive receptive fields (spatially) and adaptive relation, to bridge the gap.
This exploration led to the creation of Omni-Adaptive 3D CNNs (OA-CNNs), a family of networks that integrates a lightweight module.
arXiv Detail & Related papers (2024-03-21T14:06:38Z)
- Improving Robustness Against Adversarial Attacks with Deeply Quantized Neural Networks [0.5849513679510833]
A disadvantage of Deep Neural Networks (DNNs) is their vulnerability to adversarial attacks, as they can be fooled by adding slight perturbations to the inputs.
This paper reports the results of devising a tiny DNN model, robust to adversarial black and white box attacks, trained with an automatic quantization-aware training framework.
arXiv Detail & Related papers (2023-04-25T13:56:35Z)
- Intrusion Detection in Internet of Things using Convolutional Neural Networks [4.718295605140562]
We propose a novel solution to the intrusion attacks against IoT devices using CNNs.
The data is encoded as the convolutional operations to capture the patterns from the sensors data along time.
The experimental results show significant improvement in both true positive rate and false positive rate compared to the baseline using LSTM.
arXiv Detail & Related papers (2022-11-18T07:27:07Z)
- Deep Learning for Real Time Satellite Pose Estimation on Low Power Edge TPU [58.720142291102135]
In this paper we propose a pose estimation software exploiting neural network architectures.
We show how low power machine learning accelerators could enable Artificial Intelligence exploitation in space.
arXiv Detail & Related papers (2022-04-07T08:53:18Z)
- FPGA-optimized Hardware acceleration for Spiking Neural Networks [69.49429223251178]
This work presents the development of a hardware accelerator for an SNN, with off-line training, applied to an image recognition task.
The design targets a Xilinx Artix-7 FPGA, using in total around the 40% of the available hardware resources.
It reduces the classification time by three orders of magnitude, with a small 4.5% impact on the accuracy, if compared to its software, full precision counterpart.
arXiv Detail & Related papers (2022-01-18T13:59:22Z)
- SoWaF: Shuffling of Weights and Feature Maps: A Novel Hardware Intrinsic Attack (HIA) on Convolutional Neural Network (CNN) [0.0]
Security of inference phase deployment of Convolutional neural network (CNN) into resource constrained embedded systems is a growing research area.
Third party FPGA designers can be provided with no knowledge of initial and final classification layers.
We demonstrate that hardware intrinsic attack (HIA) in such a "secure" design is still possible.
arXiv Detail & Related papers (2021-03-16T21:12:07Z)
- BreakingBED -- Breaking Binary and Efficient Deep Neural Networks by Adversarial Attacks [65.2021953284622]
We study robustness of CNNs against white-box and black-box adversarial attacks.
Results are shown for distilled CNNs, agent-based state-of-the-art pruned models, and binarized neural networks.
arXiv Detail & Related papers (2021-03-14T20:43:19Z)
- MS-RANAS: Multi-Scale Resource-Aware Neural Architecture Search [94.80212602202518]
We propose Multi-Scale Resource-Aware Neural Architecture Search (MS-RANAS)
We employ a one-shot architecture search approach in order to obtain a reduced search cost.
We achieve state-of-the-art results in terms of accuracy-speed trade-off.
arXiv Detail & Related papers (2020-09-29T11:56:01Z)
- RT3D: Achieving Real-Time Execution of 3D Convolutional Neural Networks on Mobile Devices [57.877112704841366]
This paper proposes RT3D, a model compression and mobile acceleration framework for 3D CNNs.
For the first time, real-time execution of 3D CNNs is achieved on off-the-shelf mobiles.
arXiv Detail & Related papers (2020-07-20T02:05:32Z)