Zizhen Liu, Jing Ye, Xing Hu, Huawei Li, Xiaowei Li, Yu Hu
2020 IEEE 38th VLSI Test Symposium (VTS), published 2020-04-01. DOI: https://doi.org/10.1109/VTS48691.2020.9107582
Sequence Triggered Hardware Trojan in Neural Network Accelerator
With the rapid development of deep learning techniques, the security of Neural Network (NN) systems has emerged as an urgent and severe problem. The hardware Trojan attack is one of the threats; it gives attackers backdoors to control the prediction results of NN systems. This paper proposes a sequence-triggered hardware Trojan. Normal images presented in a specific sequence are used to trigger the hardware Trojan and let attackers fully control the prediction results. This kind of trigger is not only robust to image pre-processing, but also unrecognizable by human beings. In comparison with existing hardware Trojan designs, it is more practical and has less hardware overhead. The experiments on MNIST, CIFAR100, and ILSVRC show that the proposed hardware Trojan is rarely triggered in normal working status while the hardware cost is reduced by 19X.