Deterministic and Statistical Strategies to Protect ANNs against Fault Injection Attacks

Conference paper (2021)

Authors

T.C. Köylü Computer Engineering - EEMCS
Cezar Reinbrecht Computer Engineering - EEMCS
S. Hamdioui Quantum & Computer Engineering
M. Taouil Computer Engineering - EEMCS
Research Group
Computer Engineering (EEMCS) (TU Delft)
Copyright: © 2021 T.C. Köylü, Cezar Reinbrecht, S. Hamdioui, M. Taouil
DOI
help_outline
https://doi.org/10.1109/PST52912.2021.9647763
Machine learning Countermeasures Artificial neural networks Fault Injection
More Info
expand_more

Published Date

2021

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Department

Quantum & Computer Engineering

Research Group

Computer Engineering

Abstract

Artificial neural networks are currently used for many tasks, including safety critical ones such as automated driving. Hence, it is very important to protect them against faults and fault attacks. In this work, we propose two fault injection attack detection mechanisms: one based on using output labels for a reference input, and the other on the activations of neurons. First, we calibrate our detectors during normal conditions. Thereafter, we verify them to maximize fault detection performance. To prove the effectiveness of our solution, we consider highly employed neural networks (AlexNet, GoogleNet, and VGG) with their associated dataset ImageNet. Our results show that for both detectors we are able to obtain a high rate of coverage against faults, typically above 96%. Moreover, the hardware and software implementations of our detector indicate an extremely low area and time overhead.