HRAE: Hardware-assisted Randomization against Adversarial Example Attacks

With the rapid advancements of the artificial intelligence, machine learning, especially neural networks, have shown huge superiority over humans in image recognition, autonomous vehicles and medical diagnosis. However, its opacity and inexplicability provide many chances for malicious attackers. Recent researches have shown that neural networks are vulnerable to adversarial example (AE) attacks. In the testing stage, it fools the model by adding subtle perturbations to the original sample to misclassify the input, which poses a serious threat to safety-critical areas such as autonomous driving. In order to mitigate this threat, this paper proposes a hardware-assisted randomization method against AEs, where an approximate computing technique in hardware, voltage over-scaling (VOS), is used to randomize the training set of the model, then the processed data are used to generate multiple neural network models, finally multiple redundant models are used for the integrated classification and detection of the AEs. Various AE attacks on the proposed defense are evaluated to prove its effectiveness.