SecONN: An Optical Neural Network Framework with Concurrent Detection of Thermal Fault Injection Attacks
- URL: http://arxiv.org/abs/2411.14741v1
- Date: Fri, 22 Nov 2024 05:31:36 GMT
- Authors: Kota Nishida, Yoshihiro Midoh, Noriyuki Miura, Satoshi Kawakami, Jun Shiomi
- Score: 0.7262345640500065
- Abstract: Silicon Photonics-based AI Accelerators (SPAAs) have been considered promising AI accelerators that achieve high energy efficiency and low latency. While many researchers focus on improving SPAAs' energy efficiency and latency, their physical security has not been sufficiently studied. This paper first proposes a threat of thermal fault injection attacks on SPAAs based on Vector-Matrix Multipliers (VMMs) utilizing Mach-Zehnder Interferometers. This paper then proposes SecONN, an optical neural network framework that is capable of not only inferences but also concurrent detection of the attacks. In addition, this paper introduces a concept of Wavelength Division Perturbation (WDP), where wavelength-dependent VMM results are utilized to increase detection accuracy. Simulation results show that the proposed method achieves 88.7% attack-caused average misprediction recall.
Related papers
- MDHP-Net: Detecting Injection Attacks on In-vehicle Network using Multi-Dimensional Hawkes Process and Temporal Model [44.356505647053716] (2024-11-15T15:05:01Z)
  In this paper, we consider a specific type of cyberattack known as the injection attack.
  These injection attacks have effect over time, gradually manipulating network traffic and disrupting the vehicle's normal functioning.
  We propose an injection attack detector, MDHP-Net, which integrates optimal MDHP parameters with MDHP-LSTM blocks to enhance temporal feature extraction.
- EPIM: Efficient Processing-In-Memory Accelerators based on Epitome [78.79382890789607] (2023-11-12T17:56:39Z)
  We introduce the Epitome, a lightweight neural operator offering convolution-like functionality.
  On the software side, we evaluate epitomes' latency and energy on PIM accelerators.
  We introduce a PIM-aware layer-wise design method to enhance their hardware efficiency.
- Active RIS-aided EH-NOMA Networks: A Deep Reinforcement Learning Approach [66.53364438507208] (2023-04-11T13:16:28Z)
  An active reconfigurable intelligent surface (RIS)-aided multi-user downlink communication system is investigated.
  Non-orthogonal multiple access (NOMA) is employed to improve spectral efficiency, and the active RIS is powered by energy harvesting (EH).
  An advanced LSTM-based algorithm is developed to predict users' dynamic communication state.
  A DDPG-based algorithm is proposed to jointly control the amplification matrix and phase shift matrix of the RIS.
- Cascade-Forward Neural Network Based on Resilient Backpropagation for Simultaneous Parameters and State Space Estimations of Brushed DC Machines [0.0] (2021-03-31T08:56:14Z)
  A sensorless speed, average temperature and resistance estimation technique based on Neural Network (NN) is proposed in this paper.
  The main objective of this paper is to introduce an intelligent sensor based on resilient BP to estimate simultaneously the speed, armature temperature and resistance of brushed DC machines.
- Selective and Features based Adversarial Example Detection [12.443388374869745] (2021-03-09T11:06:15Z)
  Security-sensitive applications that rely on Deep Neural Networks (DNNs) are vulnerable to small perturbations crafted to generate Adversarial Examples (AEs).
  We propose a novel unsupervised detection mechanism that uses the selective prediction, processing model layers outputs, and knowledge transfer concepts in a multi-task learning setting.
  Experimental results show that the proposed approach achieves comparable results to the state-of-the-art methods against tested attacks in white box scenario and better results in black and gray boxes scenarios.
- Detecting Botnet Attacks in IoT Environments: An Optimized Machine Learning Approach [8.641714871787595] (2020-12-16T16:39:55Z)
  Machine learning (ML) has emerged as one potential solution due to the abundance of data generated and available for IoT devices and networks.
  This paper proposes an optimized ML-based framework to detect attacks on IoT devices in an effective and efficient manner.
  Experimental results show that the proposed optimized framework has a high detection accuracy, precision, recall, and F-score.
- SPAA: Stealthy Projector-based Adversarial Attacks on Deep Image Classifiers [82.19722134082645] (2020-12-10T18:14:03Z)
  A stealthy projector-based adversarial attack is proposed in this paper.
  We approximate the real project-and-capture operation using a deep neural network named PCNet.
  Our experiments show that the proposed SPAA clearly outperforms other methods by achieving higher attack success rates.
- Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224] (2020-08-05T19:29:35Z)
  In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique.
  The performance of the considered algorithms is evaluated using the ISCX 2012 dataset.
  Experimental results show the effectiveness of the proposed framework in terms of accuracy rate, precision, low-false alarm rate, and recall.
- Scaling Equilibrium Propagation to Deep ConvNets by Drastically Reducing its Gradient Estimator Bias [65.13042449121411] (2020-06-06T09:36:07Z)
  In practice, training a network with the gradient estimates provided by EP does not scale to visual tasks harder than MNIST.
  We show that a bias in the gradient estimate of EP, inherent in the use of finite nudging, is responsible for this phenomenon.
  We apply these techniques to train an architecture with asymmetric forward and backward connections, yielding a 13.2% test error.
- Adversarial Attack on Deep Product Quantization Network for Image Retrieval [74.85736968193879] (2020-02-26T09:25:58Z)
  Deep product quantization network (DPQN) has recently received much attention in fast image retrieval tasks.
  Recent studies show that deep neural networks (DNNs) are vulnerable to input with small and maliciously designed perturbations.
  We propose product quantization adversarial generation (PQ-AG) to generate adversarial examples for product quantization based retrieval systems.