Presents corrections to the paper, (Erratum to “A Reconfigurable Spatial Architecture for Energy-Efficient Inception Neural Networks”).
提出对论文的更正("A Reconfigurable Spatial Architecture for Energy-Efficient Inception Neural Networks "的勘误)。
{"title":"Erratum to “A Reconfigurable Spatial Architecture for Energy-Efficient Inception Neural Networks”","authors":"Lichuan Luo;Wang Kang;Junzhan Liu;He Zhang;Youguang Zhang;Dijun Liu;Peng Ouyang","doi":"10.1109/JETCAS.2024.3464190","DOIUrl":"https://doi.org/10.1109/JETCAS.2024.3464190","url":null,"abstract":"Presents corrections to the paper, (Erratum to “A Reconfigurable Spatial Architecture for Energy-Efficient Inception Neural Networks”).","PeriodicalId":48827,"journal":{"name":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","volume":"14 4","pages":"834-834"},"PeriodicalIF":3.7,"publicationDate":"2024-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10799921","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142821167","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-13DOI: 10.1109/JETCAS.2024.3502897
{"title":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems Publication Information","authors":"","doi":"10.1109/JETCAS.2024.3502897","DOIUrl":"https://doi.org/10.1109/JETCAS.2024.3502897","url":null,"abstract":"","PeriodicalId":48827,"journal":{"name":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","volume":"14 4","pages":"C2-C2"},"PeriodicalIF":3.7,"publicationDate":"2024-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10799919","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142821235","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-13DOI: 10.1109/JETCAS.2024.3502895
{"title":"IEEE Circuits and Systems Society Information","authors":"","doi":"10.1109/JETCAS.2024.3502895","DOIUrl":"https://doi.org/10.1109/JETCAS.2024.3502895","url":null,"abstract":"","PeriodicalId":48827,"journal":{"name":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","volume":"14 4","pages":"C3-C3"},"PeriodicalIF":3.7,"publicationDate":"2024-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10799541","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142821271","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Guest Editorial: Toward Trustworthy AI: Advances in Circuits, Systems, and Applications","authors":"Shih-Hsu Huang;Pin-Yu Chen;Stjepan Picek;Chip-Hong Chang","doi":"10.1109/JETCAS.2024.3497232","DOIUrl":"https://doi.org/10.1109/JETCAS.2024.3497232","url":null,"abstract":"","PeriodicalId":48827,"journal":{"name":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","volume":"14 4","pages":"577-581"},"PeriodicalIF":3.7,"publicationDate":"2024-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10799920","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142821168","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-11DOI: 10.1109/JETCAS.2024.3515055
Azin Izadi;Vahid Jamshidi
Numerical computations in various applications can often tolerate a small degree of error. In fields such as data mining, encoding algorithms, image processing, machine learning, and signal processing where error resilience is crucial approximate computing can effectively replace precise computing to minimize circuit delay and power consumption. In these contexts, a certain level of error is permissible. Multiplication, a fundamental arithmetic operation in computer systems, often leads to increased circuit delay, power usage, and area occupation when performed accurately by multipliers, which are key components in these applications. Thus, developing an optimal multiplier represents a significant advantage for inexact computing systems. In this paper, we introduce a novel approximate multiplier based on the Mitchell algorithm. The proposed design has been implemented using the Cadence software environment with the TSMC 45nm standard-cell library and a supply voltage of 1.1V. Simulation results demonstrate an average reduction of 31.7% in area, 46.8% in power consumption, and 36.1% in circuit delay compared to previous works. The mean relative error distance (MRED) for the proposed method is recorded at 2.6%.
{"title":"LSHIM: Low-Power and Small-Area Inexact Multiplier for High-Speed Error-Resilient Applications","authors":"Azin Izadi;Vahid Jamshidi","doi":"10.1109/JETCAS.2024.3515055","DOIUrl":"https://doi.org/10.1109/JETCAS.2024.3515055","url":null,"abstract":"Numerical computations in various applications can often tolerate a small degree of error. In fields such as data mining, encoding algorithms, image processing, machine learning, and signal processing where error resilience is crucial approximate computing can effectively replace precise computing to minimize circuit delay and power consumption. In these contexts, a certain level of error is permissible. Multiplication, a fundamental arithmetic operation in computer systems, often leads to increased circuit delay, power usage, and area occupation when performed accurately by multipliers, which are key components in these applications. Thus, developing an optimal multiplier represents a significant advantage for inexact computing systems. In this paper, we introduce a novel approximate multiplier based on the Mitchell algorithm. The proposed design has been implemented using the Cadence software environment with the TSMC 45nm standard-cell library and a supply voltage of 1.1V. Simulation results demonstrate an average reduction of 31.7% in area, 46.8% in power consumption, and 36.1% in circuit delay compared to previous works. The mean relative error distance (MRED) for the proposed method is recorded at 2.6%.","PeriodicalId":48827,"journal":{"name":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","volume":"15 1","pages":"94-104"},"PeriodicalIF":3.7,"publicationDate":"2024-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143602011","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Adversarial examples make Deep Learning (DL) models vulnerable to safe deployment in practical systems. Although several techniques have been proposed in the literature, defending against adversarial attacks is still challenging. The current work identifies weaknesses of traditional strategies in detecting and classifying adversarial examples. To overcome these limitations, we carefully analyze techniques like binary detector and ensemble method, and compose them in a manner which mitigates the limitations. We also effectively develop a re-attack strategy, a randomization technique called RRP (Random Resizing and Patch-removing), and a rule-based decision method. Our proposed method, BEARR (Binary detector with Ensemble and re-Attacking scheme including Randomization and Rule-based decision technique) detects adversarial examples as well as classifies those examples with a higher accuracy compared to contemporary methods. We evaluate BEARR on standard image classification datasets: CIFAR-10, CIFAR-100, and tiny-imagenet as well as two real-world datasets: plantvillage and chest X-ray in the presence of state-of-the-art adversarial attack techniques. We have also validated BEARR against a more potent attacker who has perfect knowledge of the protection mechanism. We observe that BEARR is significantly better than existing methods in the context of detection and classification accuracy of adversarial examples.
{"title":"Decision Guided Robust DL Classification of Adversarial Images Combining Weaker Defenses","authors":"Shubhajit Datta;Manaar Alam;Arijit Mondal;Debdeep Mukhopadhyay;Partha Pratim Chakrabarti","doi":"10.1109/JETCAS.2024.3497295","DOIUrl":"https://doi.org/10.1109/JETCAS.2024.3497295","url":null,"abstract":"Adversarial examples make Deep Learning (DL) models vulnerable to safe deployment in practical systems. Although several techniques have been proposed in the literature, defending against adversarial attacks is still challenging. The current work identifies weaknesses of traditional strategies in detecting and classifying adversarial examples. To overcome these limitations, we carefully analyze techniques like binary detector and ensemble method, and compose them in a manner which mitigates the limitations. We also effectively develop a re-attack strategy, a randomization technique called RRP (Random Resizing and Patch-removing), and a rule-based decision method. Our proposed method, BEARR (Binary detector with Ensemble and re-Attacking scheme including Randomization and Rule-based decision technique) detects adversarial examples as well as classifies those examples with a higher accuracy compared to contemporary methods. We evaluate BEARR on standard image classification datasets: CIFAR-10, CIFAR-100, and tiny-imagenet as well as two real-world datasets: plantvillage and chest X-ray in the presence of state-of-the-art adversarial attack techniques. We have also validated BEARR against a more potent attacker who has perfect knowledge of the protection mechanism. We observe that BEARR is significantly better than existing methods in the context of detection and classification accuracy of adversarial examples.","PeriodicalId":48827,"journal":{"name":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","volume":"14 4","pages":"758-772"},"PeriodicalIF":3.7,"publicationDate":"2024-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142821198","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-11-04DOI: 10.1109/JETCAS.2024.3491497
Debopriya Roy Dipta;Jonathan Tan;Berk Gulmezoglu
Microarchitectural attacks threaten the security of individuals in a diverse set of platforms, such as personal computers, mobile phones, cloud environments, and AR/VR devices. Chip vendors are struggling to patch every hardware vulnerability in a timely manner, leaving billions of people’s private information under threat. Hence, dynamic attack detection tools which utilize hardware performance counters and machine learning (ML) models, have become popular for detecting ongoing attacks. In this study, we evaluate the robustness of various ML-based detection models with a sophisticated fuzzing framework. The framework manipulates hardware performance counters in a controlled manner using individual fuzzing blocks. Later, the framework is leveraged to modify the microarchitecture attack source code and to evade the detection tools. We evaluate our fuzzing framework with time overhead, achieved leakage rate, and the number of trials to successfully evade the detection.
{"title":"Systematical Evasion From Learning-Based Microarchitectural Attack Detection Tools","authors":"Debopriya Roy Dipta;Jonathan Tan;Berk Gulmezoglu","doi":"10.1109/JETCAS.2024.3491497","DOIUrl":"https://doi.org/10.1109/JETCAS.2024.3491497","url":null,"abstract":"Microarchitectural attacks threaten the security of individuals in a diverse set of platforms, such as personal computers, mobile phones, cloud environments, and AR/VR devices. Chip vendors are struggling to patch every hardware vulnerability in a timely manner, leaving billions of people’s private information under threat. Hence, dynamic attack detection tools which utilize hardware performance counters and machine learning (ML) models, have become popular for detecting ongoing attacks. In this study, we evaluate the robustness of various ML-based detection models with a sophisticated fuzzing framework. The framework manipulates hardware performance counters in a controlled manner using individual fuzzing blocks. Later, the framework is leveraged to modify the microarchitecture attack source code and to evade the detection tools. We evaluate our fuzzing framework with time overhead, achieved leakage rate, and the number of trials to successfully evade the detection.","PeriodicalId":48827,"journal":{"name":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","volume":"14 4","pages":"823-833"},"PeriodicalIF":3.7,"publicationDate":"2024-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142821230","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-11-04DOI: 10.1109/JETCAS.2024.3491169
Tian Chen;Yu-An Tan;Chunying Li;Zheng Zhang;Weizhi Meng;Yuanzhang Li
With the increasing popularity of heterogeneous computing systems in Artificial Intelligence (AI) applications, ensuring the confidentiality and integrity of sensitive data transferred between different elements has become a critical challenge. In this paper, we propose an enhanced security framework called SecureComm to protect data transfer between ARM CPU and FPGA through Double Data Rate (DDR) memory on CPU-FPGA heterogeneous platforms. SecureComm extends the SM4 crypto module by incorporating a proposed Message Authentication Code (MAC) to ensure data confidentiality and integrity. It also constructs smart queues in the shared memory of DDR, which work in conjunction with the designed protocols to help schedule data flow and facilitate flexible adaptation to various AI tasks with different data scales. Furthermore, some of the hardware modules of SecureComm are improved and encapsulated as independent IPs to increase their versatility beyond the scope of this paper. We implemented several ARM CPU-FPGA collaborative AI applications to justify the security and evaluate the timing overhead of SecureComm. We also deployed SecureComm to non-AI tasks to demonstrate its versatility, ultimately offering suggestions for its use in tasks of varying data scales.
{"title":"SecureComm: A Secure Data Transfer Framework for Neural Network Inference on CPU-FPGA Heterogeneous Edge Devices","authors":"Tian Chen;Yu-An Tan;Chunying Li;Zheng Zhang;Weizhi Meng;Yuanzhang Li","doi":"10.1109/JETCAS.2024.3491169","DOIUrl":"https://doi.org/10.1109/JETCAS.2024.3491169","url":null,"abstract":"With the increasing popularity of heterogeneous computing systems in Artificial Intelligence (AI) applications, ensuring the confidentiality and integrity of sensitive data transferred between different elements has become a critical challenge. In this paper, we propose an enhanced security framework called SecureComm to protect data transfer between ARM CPU and FPGA through Double Data Rate (DDR) memory on CPU-FPGA heterogeneous platforms. SecureComm extends the SM4 crypto module by incorporating a proposed Message Authentication Code (MAC) to ensure data confidentiality and integrity. It also constructs smart queues in the shared memory of DDR, which work in conjunction with the designed protocols to help schedule data flow and facilitate flexible adaptation to various AI tasks with different data scales. Furthermore, some of the hardware modules of SecureComm are improved and encapsulated as independent IPs to increase their versatility beyond the scope of this paper. We implemented several ARM CPU-FPGA collaborative AI applications to justify the security and evaluate the timing overhead of SecureComm. We also deployed SecureComm to non-AI tasks to demonstrate its versatility, ultimately offering suggestions for its use in tasks of varying data scales.","PeriodicalId":48827,"journal":{"name":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","volume":"14 4","pages":"811-822"},"PeriodicalIF":3.7,"publicationDate":"2024-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142821274","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This work describes an approach towards pixel quantization using variable resolution which is made feasible using image transformation in the analog domain. The main aim is to reduce the average bits-per-pixel (BPP) necessary for representing an image while maintaining the classification accuracy of a Convolutional Neural Network (CNN) that is trained for image classification. The proposed algorithm is based on the Hadamard transform that leads to a low-resolution variable quantization by the analog-to-digital converter (ADC) thus reducing the power dissipation in hardware at the sensor node. Despite the trade-offs inherent in image transformation, the proposed algorithm achieves competitive accuracy levels across various image sizes and ADC configurations, highlighting the importance of considering both accuracy and power consumption in edge computing applications. The schematic of a novel 1.5 bit ADC that incorporates the Hadamard transform is also proposed. A hardware implementation of the analog transformation followed by software-based variable quantization is done for the CIFAR-10 test dataset. The digitized data shows that the network can still identify transformed images with a remarkable 90% accuracy for 3-BPP transformed images following the proposed method.
{"title":"Variable Resolution Pixel Quantization for Low Power Machine Vision Application on Edge","authors":"Senorita Deb;Sai Sanjeet;Prabir Kumar Biswas;Bibhu Datta Sahoo","doi":"10.1109/JETCAS.2024.3490504","DOIUrl":"https://doi.org/10.1109/JETCAS.2024.3490504","url":null,"abstract":"This work describes an approach towards pixel quantization using variable resolution which is made feasible using image transformation in the analog domain. The main aim is to reduce the average bits-per-pixel (BPP) necessary for representing an image while maintaining the classification accuracy of a Convolutional Neural Network (CNN) that is trained for image classification. The proposed algorithm is based on the Hadamard transform that leads to a low-resolution variable quantization by the analog-to-digital converter (ADC) thus reducing the power dissipation in hardware at the sensor node. Despite the trade-offs inherent in image transformation, the proposed algorithm achieves competitive accuracy levels across various image sizes and ADC configurations, highlighting the importance of considering both accuracy and power consumption in edge computing applications. The schematic of a novel 1.5 bit ADC that incorporates the Hadamard transform is also proposed. A hardware implementation of the analog transformation followed by software-based variable quantization is done for the CIFAR-10 test dataset. The digitized data shows that the network can still identify transformed images with a remarkable 90% accuracy for 3-BPP transformed images following the proposed method.","PeriodicalId":48827,"journal":{"name":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","volume":"15 1","pages":"58-71"},"PeriodicalIF":3.7,"publicationDate":"2024-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143601937","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-10-30DOI: 10.1109/JETCAS.2024.3488597
Dong Hyub Kim;Jonah O’Brien Weiss;Sandip Kundu
Deep Neural Networks (DNNs) have become invaluable intellectual property for AI providers due to advancements fueled by a decade of research and development. However, recent studies have demonstrated the effectiveness of model extraction attacks, which threaten this value by stealing DNN models. These attacks can lead to misuse of personal data, safety risks in critical systems, and the spread of misinformation. This paper explores model extraction attacks on DNN models deployed on mobile devices, using runtime profiles as a side-channel. Since mobile devices are resource constrained, DNN deployments require optimization efforts to reduce latency. The main hurdle in extracting DNN architectures in this scenario is that optimization techniques, such as operator-level and graph-level fusion, can obfuscate the association between runtime profile operators and their corresponding DNN layers, posing challenges for adversaries to accurately predict the computation performed. To overcome this, we propose a novel method analyzing GPU call profiles to identify the original DNN architecture. Our approach achieves full accuracy in extracting DNN architectures from a predefined set, even when layer information is obscured. For unseen architectures, a layer-by-layer hyperparameter extraction method guided by sub-layer patterns is introduced, also achieving high accuracy. This research achieves two firsts: 1) targeting mobile GPUs for DNN architecture extraction and 2) successfully extracting architectures from optimized models with fused layers.
{"title":"Extracting DNN Architectures via Runtime Profiling on Mobile GPUs","authors":"Dong Hyub Kim;Jonah O’Brien Weiss;Sandip Kundu","doi":"10.1109/JETCAS.2024.3488597","DOIUrl":"https://doi.org/10.1109/JETCAS.2024.3488597","url":null,"abstract":"Deep Neural Networks (DNNs) have become invaluable intellectual property for AI providers due to advancements fueled by a decade of research and development. However, recent studies have demonstrated the effectiveness of model extraction attacks, which threaten this value by stealing DNN models. These attacks can lead to misuse of personal data, safety risks in critical systems, and the spread of misinformation. This paper explores model extraction attacks on DNN models deployed on mobile devices, using runtime profiles as a side-channel. Since mobile devices are resource constrained, DNN deployments require optimization efforts to reduce latency. The main hurdle in extracting DNN architectures in this scenario is that optimization techniques, such as operator-level and graph-level fusion, can obfuscate the association between runtime profile operators and their corresponding DNN layers, posing challenges for adversaries to accurately predict the computation performed. To overcome this, we propose a novel method analyzing GPU call profiles to identify the original DNN architecture. Our approach achieves full accuracy in extracting DNN architectures from a predefined set, even when layer information is obscured. For unseen architectures, a layer-by-layer hyperparameter extraction method guided by sub-layer patterns is introduced, also achieving high accuracy. This research achieves two firsts: 1) targeting mobile GPUs for DNN architecture extraction and 2) successfully extracting architectures from optimized models with fused layers.","PeriodicalId":48827,"journal":{"name":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","volume":"14 4","pages":"620-633"},"PeriodicalIF":3.7,"publicationDate":"2024-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142821286","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: