The University of Southampton
University of Southampton Institutional Repository

Tamper resistant design of convolutional neural network hardware accelerator


Yu, Haosen, Sun, Peiyao, Halak, Basel, Shanthakumar, Karthik and Kazmierski, Tomasz (2024) Tamper resistant design of convolutional neural network hardware accelerator. In Proceedings of the 2023 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). IEEE. 5 pp. (doi:10.1109/AsianHOST59942.2023.10409319).

Record type: Conference or Workshop Item (Paper)

Abstract

The globalisation of supply chains and manufacturing processes can lead to loss of control over the manufacturing process and exposure to potentially malicious third parties, thus making the security of Convolutional Neural Network hardware accelerators compromised by emerging attacks (e.g., hardware Trojan (HT) insertion attacks and backdoor attacks from third-party dataset providers). In this paper, a new defence mechanism, called Shuffle and Substitution-Based Defence Mechanism (SSDM), is proposed to effectively defend against attacks launched by attackers from the third-party dataset providers and the fabrication phase. The new countermeasure proposed in this paper can not only effectively suppress the activation of most existing HTs, but also greatly increase the difficulty for adversaries from third-party dataset providers to successfully execute backdoor attacks. The experimental results show that the new defensive countermeasures are effective in preventing HTs from being activated and significantly increasing the difficulty of backdoor attacks.

This record has no associated files available for download.

More information

Published date: 24 January 2024
Venue - Dates: 2023 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), Tianjin, China, 2023-12-13 - 2023-12-15
Keywords: Accelerator, Backdoor attack, CNN, Countermeasure, Hardware Trojans, Shuffle, Substitution

Identifiers

Local EPrints ID: 486706
URI: http://eprints.soton.ac.uk/id/eprint/486706
PURE UUID: 095db779-33df-4983-ad8b-bbf5f0dcf783
ORCID for Haosen Yu: orcid.org/0000-0002-6174-8579
ORCID for Peiyao Sun: orcid.org/0009-0009-3641-7039
ORCID for Basel Halak: orcid.org/0000-0003-3470-7226

Catalogue record

Date deposited: 02 Feb 2024 17:32
Last modified: 18 Mar 2024 04:10

Contributors

Author: Haosen Yu
Author: Peiyao Sun
Author: Basel Halak
Author: Karthik Shanthakumar
Author: Tomasz Kazmierski
