| Title | NASGuard: A Novel Accelerator Architecture for Robust Neural Architecture Search (NAS) Networks |
| Publication Type | Conference Paper |
| Year of Publication | 2021 |
| Authors | Wang, Xingbin, Zhao, Boyan, HOU, RUI, Awad, Amro, Tian, Zhihong, Meng, Dan |
| Conference Name | 2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA) |
| Date Published | jun |
| Keywords | Accelerator architectures, adversarial example, Computational modeling, Deep Learning, DNN accelerator, Network Security Architecture, Neural networks, parallel processing, pubcrawl, resilience, Resiliency, Robust NAS network, Robustness, search problems |
| Abstract | Due to the wide deployment of deep learning applications in safety-critical systems, robust and secure execution of deep learning workloads is imperative. Adversarial examples, where the inputs are carefully designed to mislead the machine learning model is among the most challenging attacks to detect and defeat. The most dominant approach for defending against adversarial examples is to systematically create a network architecture that is sufficiently robust. Neural Architecture Search (NAS) has been heavily used as the de facto approach to design robust neural network models, by using the accuracy of detecting adversarial examples as a key metric of the neural network's robustness. While NAS has been proven effective in improving the robustness (and accuracy in general), the NAS-generated network models run noticeably slower on typical DNN accelerators than the hand-crafted networks, mainly because DNN accelerators are not optimized for robust NAS-generated models. In particular, the inherent multi-branch nature of NAS-generated networks causes unacceptable performance and energy overheads.To bridge the gap between the robustness and performance efficiency of deep learning applications, we need to rethink the design of AI accelerators to enable efficient execution of robust (auto-generated) neural networks. In this paper, we propose a novel hardware architecture, NASGuard, which enables efficient inference of robust NAS networks. NASGuard leverages a heuristic multi-branch mapping model to improve the efficiency of the underlying computing resources. Moreover, NASGuard addresses the load imbalance problem between the computation and memory-access tasks from multi-branch parallel computing. Finally, we propose a topology-aware performance prediction model for data prefetching, to fully exploit the temporal and spatial localities of robust NAS-generated architectures. We have implemented NASGuard with Verilog RTL. The evaluation results show that NASGuard achieves an average speedup of 1.74x over the baseline DNN accelerator. |
| DOI | 10.1109/ISCA52012.2021.00066 |
| Citation Key | wang_nasguard_2021 |
NASGuard: A Novel Accelerator Architecture for Robust Neural Architecture Search (NAS) Networks