Deterministic and Statistical Strategies to Protect ANNs against Fault Injection Attacks

Deterministic and Statistical Strategies to Protect ANNs against Fault Injection Attacks

Köylü, T.C. (TU Delft Computer Engineering)
Reinbrecht, Cezar (TU Delft Computer Engineering)
Hamdioui, S. (TU Delft Quantum & Computer Engineering)
Taouil, M. (TU Delft Computer Engineering)

Quantum & Computer Engineering

2021

Artificial neural networks are currently used for many tasks, including safety critical ones such as automated driving. Hence, it is very important to protect them against faults and fault attacks. In this work, we propose two fault injection attack detection mechanisms: one based on using output labels for a reference input, and the other on the activations of neurons. First, we calibrate our detectors during normal conditions. Thereafter, we verify them to maximize fault detection performance. To prove the effectiveness of our solution, we consider highly employed neural networks (AlexNet, GoogleNet, and VGG) with their associated dataset ImageNet. Our results show that for both detectors we are able to obtain a high rate of coverage against faults, typically above 96%. Moreover, the hardware and software implementations of our detector indicate an extremely low area and time overhead.

Fault Injection
Countermeasures
Artificial neural networks
Machine learning

http://resolver.tudelft.nl/uuid:341ae459-f1a4-4346-aff9-45c7ed14c446

https://doi.org/10.1109/PST52912.2021.9647763

IEEE, Piscataway

978-1-6654-0185-2

2021 18th International Conference on Privacy, Security and Trust (PST)

18th Annual International Conference on Privacy, Security and Trust (PST2021), 2021-12-13 → 2021-12-15, Virtual at Auckland, New Zealand

2021 18th International Conference on Privacy, Security and Trust, PST 2021

Institutional Repository

conference paper

© 2021 T.C. Köylü, Cezar Reinbrecht, S. Hamdioui, M. Taouil