Towards hardware trojan resilient design of convolutional neural networks
The use of hardware accelerators for convolutional neural networks (CNN) is on the rise due to the popularity of artificial intelligence in autonomous vehicles, industrial control systems, and intrusion detection techniques. However, the security of these designs is undermined by emerging attacks on the integrated circuits (IC) supply chain, such as hardware Trojan insertion. The latter consists of malicious modifications of the design to sabotage its functionality or leak sensitive information. This type of attack can significantly undermine the trustworthiness of artificial intelligence (AI) based systems and limit their applications. This paper investigates a new Hardware Trojan attack that targets the pooling layer of CNN implementations. We show that the accuracy of CNN is reduced by up to 30%. The work subsequently develops countermeasures to mitigate these risks. Based on an implementation of the MobileNets CNN architecture, our results demonstrate the ability of the proposed defence mechanism of early detection of reduced classification accuracy, which is caused by a Trojan insertion.
Sun, Peiyao, Halak, Basel and Kazmierski, Tomasz (2022) Towards hardware trojan resilient design of convolutional neural networks. In 2022 IEEE 35th International System-on-Chip Conference (SOCC). IEEE. 6 pp. (doi:10.1109/SOCC56010.2022.9908104).
Record type: Conference or Workshop Item (Paper)
This record has no associated files available for download.
More information
e-pub ahead of print date: 10 October 2022
Venue - Dates: 2022 IEEE 35th International System-on-Chip Conference, Titanic, Belfast, United Kingdom, 2022-09-05 - 2022-09-08
Identifiers
Local EPrints ID: 487977
URI: http://eprints.soton.ac.uk/id/eprint/487977
PURE UUID: 666b7550-9eda-480a-a30f-009690264c66
Catalogue record
Date deposited: 12 Mar 2024 17:36
Last modified: 18 Mar 2024 03:56
Contributors
Author: Peiyao Sun
Author: Basel Halak
Author: Tomasz Kazmierski