Title | Entropy-Based Modeling for Estimating Adversarial Bit-flip Attack Impact on Binarized Neural Network |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Khoshavi, Navid; Sargolzaei, Saman; Bi, Yu; Roohi, Arman |
Conference Name | 2021 26th Asia and South Pacific Design Automation Conference (ASP-DAC) |
Keywords | bit-flip attack, black-box attack, Deep Neural Network accelerator, image classification, machine learning, Network topology, neural network resiliency, Neural networks, pubcrawl, resilience, Resiliency, security, Sensitivity, statistical model, Topology, White-Box attack |
Abstract | Over past years, the high demand to efficiently process deep learning (DL) models has driven the market of the chip design companies. However, the new Deep Chip architectures, a common term to refer to DL hardware accelerator, have slightly paid attention to the security requirements in quantized neural networks (QNNs), while the black/white-box adversarial attacks can jeopardize the integrity of the inference accelerator. Therefore in this paper, a comprehensive study of the resiliency of QNN topologies to black-box attacks is examined. Herein, different attack scenarios are performed on an FPGA-processor co-design, and the collected results are extensively analyzed to give an estimation of the impact's degree of different types of attacks on the QNN topology. To be specific, we evaluated the sensitivity of the QNN accelerator to a range number of bit-flip attacks (BFAs) that might occur in the operational lifetime of the device. The BFAs are injected at uniformly distributed times either across the entire QNN or per individual layer during the image classification. The acquired results are utilized to build the entropy-based model that can be leveraged to construct resilient QNN architectures to bit-flip attacks. |
Citation Key | khoshavi_entropy-based_2021 |