Pub Date: 2022-09-12 DOI: 10.1109/IOLTS56730.2022.9897823
Juan-David Guerrero-Balaguera, Robert Limas Sierra, M. Reorda
Convolutional Neural Networks (CNNs) and Graphic Processing Units (GPUs) are now increasingly adopted in many cutting-edge safety-critical applications. Consequently, it is crucial to evaluate the reliability of these systems, since the hardware can be affected by several phenomena (e.g., wear out of the device), producing permanent defects in the GPU. These defects may induce wrong outcomes in the CNN that may endanger the application. Traditionally, the study of the effects of permanent faults on CNNs has been approached by resorting to application-level fault injection (e.g., acting on the weights). However, this approach has restricted scope, and it may not reveal the actual vulnerabilities in the GPU device. Hence, a more accurate evaluation of the fault effects is required, considering more in-depth details of the device’s hardware. This work introduces a more elaborate experimental evaluation of the impact of GPU’s permanent faults on the reliability of a CNN by resorting to a Software-Implemented Fault Injection (SWIFI) strategy, considering faults at the hardware level. The results of the fault simulation campaigns we performed on the GPU data-path cores are compared with those at the application level, proving that the latter ones are generally optimistic.
Title: Effective fault simulation of GPU’s permanent faults for reliability estimation of CNNs
Published in: 2022 IEEE 28th International Symposium on On-Line Testing and Robust System Design (IOLTS)

Pub Date: 2022-09-12 DOI: 10.1109/IOLTS56730.2022.9897811
Krishnendu Guha, S. Saha, K. Mcdonald-Maier
Present-day real-time approximate computing applications like image and video processing involve execution of a set of tasks before a certain amount of time or deadline. In addition to this, present-day systems are associated with a strict energy budget that cannot be changed post deployment. Each task comprises a mandatory and an optional part. Completion of all mandatory portions of all tasks before the deadline is much more important than result accuracy in such real-time approximate computing applications. Based on the energy budget, the optional portions can be executed, which determines the quality of service (QoS) of the system. In an ideal scenario, a sufficient energy budget is present that ensures completion of both mandatory and optional portions in a system with a pre-determined number of processors. However, if a fault or malware attack occurs on one or more processors, then the system will cease to work and results may be fatal. In this work, we consider such a scenario where the processors may be faulty and stop functioning in post-deployment phases, or some malware may cause unexpected delays in processing or unexpected power draining at runtime that will prevent the system from meeting its deadline. We propose a Security driven ENergy Aware Scheduler (SENAS) that works as a self-aware agent. Initially, based on the available energy budget, SENAS determines which task is to be executed in which processor of a system. At runtime, SENAS constantly monitors the working of the processors and, on detecting any anomaly in any of the processors, it reschedules its tasks at runtime by reducing execution of the optional portions of the tasks and ensuring completion before deadline with high QoS.
Title: SENAS: Security driven ENergy Aware Scheduler for Real Time Approximate Computing Tasks on Multi-Processor Systems

Pub Date: 2022-09-12 DOI: 10.1109/IOLTS56730.2022.9897297
Valentin Martinoli, Y. Teglia, Abdellah Bouagoun, R. Leveugle
In this work, we study the micro-architectural vulnerabilities of the open-source RISC-V CPU named CVA6. We build a realistic scenario for extracting information and propose an analysis of how to reduce the impact of noise on the attack, while staying as close as possible to hardware level through baremetal simulations.
Title: Recovering Information on the CVA6 RISC-V CPU with a Baremetal Micro-Architectural Covert Channel

Pub Date: 2022-09-12 DOI: 10.1109/IOLTS56730.2022.9897815
C. Amarnath, Mohamed Mejri, Kwondo Ma, A. Chatterjee
Deep learning techniques have been widely adopted in daily life with applications ranging from face recognition to recommender systems. The substantial overhead of conventional error tolerance techniques precludes their widespread use, while approaches involving median filtering and invariant generation rely on alterations to DNN training that may be difficult to achieve for larger networks on larger datasets. To address this issue, this paper presents a novel approach taking advantage of the statistics of neuron output gradients to identify and suppress erroneous neuron values. By using the statistics of neurons’ gradients with respect to their neighbors, tighter statistical thresholds are obtained compared to the use of neuron output values alone. This approach is modular and is combined with accurate, low-overhead error detection methods to ensure it is used only when needed, further reducing its cost. Deep learning models can be trained using standard methods and our error correction module is fit to a trained DNN, achieving comparable or superior performance compared to baseline error correction methods while incurring comparable hardware overhead without needing to modify DNN training or utilize specialized hardware architectures.
Title: Soft Error Resilient Deep Learning Systems Using Neuron Gradient Statistics

Pub Date: 2022-09-12 DOI: 10.1109/IOLTS56730.2022.9897773
Arjun Chaudhuri, Sanmitra Banerjee, K. Chakrabarty
We present a neural twin-based structural test pattern generation method for stuck-at faults in systolic array-based AI inferencing accelerators. The neural twin is a neural representation of the gate-level netlist of a processing element and it provides a one-to-one topological correspondence with the PE netlist. We leverage neural twin-enabled backpropagation for gradient computation to determine an input pattern that sensitizes a fault in the netlist. Our framework also supports pattern compaction for a batch of faults. Consequently, GPU-accelerated test-pattern generation is achieved with the proposed framework that can potentially detect hard-to-detect and random-pattern-resistant faults in AI accelerators. Experimental results for 4-bit, 8-bit, and 16-bit fixed-point accelerator arrays show the effectiveness of the proposed method.
Title: Structural Test Generation for AI Accelerators using Neural Twins

Pub Date: 2022-09-12 DOI: 10.1109/IOLTS56730.2022.9897224
Michael Sekyere, M. Saikiran, Degang Chen
Backed by standards like ISO26262, achieving near 100% defect coverage is becoming a common reliability requirement in the ever-growing automotive industry. However, achieving high defect coverage in an analog circuit has been proven to be a difficult/expensive task even with sophisticated analog and digital testing circuitry. In this work, we present a simple design for testability (DfT) technique that achieves 98% defect coverage for operational amplifiers including Widlar current reference and biasing circuitry. Our robust testing method utilizes purely digital testing circuits and is extremely time-efficient reducing the test cost. The proposed method can be used both at production test and for on-line health monitoring post-deployment to detect zero-time and latent defects. Also, the digital nature of our method presents a way for defect localization through the recorded bit streams. In this work, we also introduce a simple method to detect defects in the Widlar current reference and the bias current circuit. We validate all our results using extensive transistor-level simulations in UMC65nm technology.
Title: All Digital Low-Cost Built-in Defect Testing Strategy for Operational Amplifiers with High Coverage

Recently, with the increase in outsourcing of IC design and manufacturing, the possibility of inserting hardware Trojans, which are circuits with malicious functions, has been pointed out. To prevent this threat, a method to identify hardware Trojans using neural networks has been proposed. On the other hand, adversarial attacks have emerged that modify circuit design information to reduce the accuracy of hardware-Trojan classification by neural networks. Since the features designed by existing methods do not take the attacks into account, it is necessary to consider a new method for countermeasures. In this paper, out of 76 features that are strongly related to hardware-Trojan features, we investigate them from the viewpoint of the robustness against the adversarial attacks on circuit design information and newly propose 24 hardware-Trojan features. We compare the classifiers using the proposed 24 features with the classifiers using 11, 36, 51, and 76 existing features, respectively and confirm that the proposed ones are more robust in identifying hardware Trojans in circuits subjected to the adversarial attacks.
Title: Effective Hardware-Trojan Feature Extraction Against Adversarial Attacks at Gate-Level Netlists
Authors: Kazuki Yamashita, Tomohiro Kato, Kento Hasegawa, Seira Hidano, Kazuhide Fukushima, N. Togawa
Pub Date: 2022-09-12 DOI: 10.1109/IOLTS56730.2022.9897557

Pub Date: 2022-09-12 DOI: 10.1109/IOLTS56730.2022.9897308
Nadir Casciola, Edoardo Giusto, Emanuel A. Dri, Daniel Oliveira, P. Rech, B. Montrucchio
Quantum Computing is a highly promising new computation paradigm. Unfortunately, quantum bits (qubits) are extremely fragile and their state can be gradually or suddenly modified by intrinsic noise or external perturbation. In this paper, we target the sensitivity of quantum circuits to radiation-induced transient faults. We consider quantum circuit cuts that split the circuit into smaller independent portions, and study how faults propagate in each portion. As we show, the cuts have different vulnerabilities, and our methodology successfully identifies the circuit portion that is more likely to contribute to the overall circuit error rate. Our evaluation shows that a circuit cut can have a 4.6x higher probability than the other cuts, when corrupted, to modify the circuit output. Our study, identifying the most critical cuts, moves towards the possibility of implementing selective hardening for quantum circuits.
Title: Understanding the Impact of Cutting in Quantum Circuits Reliability to Transient Faults

Pub Date: 2022-09-12 DOI: 10.1109/IOLTS56730.2022.9897693
Kevin Hector, Mathieu Dumont, Pierre-Alain Moëllic, J. Dutertre
Deep neural network models are massively deployed on a wide variety of hardware platforms. This results in the appearance of new attack vectors that significantly extend the standard attack surface, extensively studied by the adversarial machine learning community. One of the first attacks that aims at drastically dropping the performance of a model by targeting its parameters stored in memory is the Bit-Flip Attack (BFA). In this work, we point out several evaluation challenges related to the BFA. First, the lack of an adversary’s budget in the standard threat model is problematic, especially when dealing with physical attacks. Moreover, since the BFA presents critical variability, we discuss the influence of some training parameters and the importance of the model architecture. This work is the first to present the impact of the BFA against fully-connected architectures, which present different behaviors compared to convolutional neural networks. These results highlight the importance of defining robust and sound evaluation methodologies to properly evaluate the dangers of parameter-based attacks as well as measure the real level of robustness offered by a defense.
Title: A Closer Look at Evaluating the Bit-Flip Attack Against Deep Neural Networks

Pub Date: 2022-09-12 DOI: 10.1109/iolts56730.2022.9897687
Title: IOLTS 2022 Foreword