Towards hardware Trojan resilient convolutional neural networks accelerators
Convolutional neural network accelerators are increasingly used in safety-critical applications, including autonomous vehicles. They are therefore particularly vulnerable to hardware Trojan insertion, a security attack that takes place during the development of integrated circuits. This work presents, for the first time, a large-scale study of the impact of hardware Trojan insertion on convolutional neural network accelerators, focusing on those that use approximate computing techniques, which are prevalent in embedded applications. We investigate three types of such networks, MobileNet V2, ShuffleNet V2, and GhostNet, trained on datasets of grayscale speed limit sign images and GTSRB. Our results show that certain parts of these architectures are more susceptible to hardware Trojan attacks, specifically a set of processing elements, referred to as “important”, in the classification, ReLU6, and max pooling layers, respectively. These findings are subsequently used to develop two countermeasures: the first relies on selective hardware redundancy (SHR), and the second uses a combination of hardware and time redundancy (SHTR). The proposed defenses are experimentally validated. Our results show that SHR provides speedy recovery from an attack while incurring an area overhead of between 6% and 10%, whereas SHTR requires more time to detect the Trojan, but its area overhead is much smaller (~0.3%).
Sun, Peiyao
e517faec-75c2-43e4-a45e-90f47e80d195
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33
Kazmierski, Tom J.
a97d7958-40c3-413f-924d-84545216092a
Sun, Peiyao, Halak, Basel and Kazmierski, Tom J.
(2025)
Towards hardware Trojan resilient convolutional neural networks accelerators.
Journal of Hardware and Systems Security.
(doi:10.1007/s41635-025-00164-y).
Text
Towards Hardware Trojan Resilient Convolutional Neural Networks Accelerators
- Accepted Manuscript
Text
s41635-025-00164-y
- Version of Record
More information
Accepted/In Press date: 1 July 2025
e-pub ahead of print date: 1 August 2025
Identifiers
Local EPrints ID: 504434
URI: http://eprints.soton.ac.uk/id/eprint/504434
ISSN: 2509-3436
PURE UUID: 0d82bfcc-32ad-4989-9a49-48638af18ad7
Catalogue record
Date deposited: 09 Sep 2025 17:48
Last modified: 11 Sep 2025 03:13
Contributors
Author:
Peiyao Sun
Author:
Basel Halak
Author:
Tom J. Kazmierski