Title:

Design and Implementation of a Robust Machine Learning Hardware Accelerator with Adversarial Fault Attack Countermeasures

Area of research:

Computer Sciences and Information Technology

Focus area:

Machine Learning, Hardware Security

Principal Investigator:

Dr. Utsav Banerjee, Indian Institute Of Science, Bangalore, Karnataka

Timeline Start Year:

2024

Timeline End Year:

2026

Contact info:

Executive Summary:

Neural network hardware accelerators are becoming increasingly popular because they execute complex machine learning training and inference tasks efficiently, which makes them essential for many applications, including autonomous vehicles, robotics, and healthcare. However, these accelerators are vulnerable to various adversarial attacks, including fault attacks, which can compromise their security and integrity. For example, an attacker could modify the weights and/or activations of a neural network using bit flips, causing the network to misclassify inputs, or insert a malicious hardware trojan that modifies its behaviour. Such attacks can have serious consequences, such as autonomous vehicles misidentifying traffic signs or medical equipment misdiagnosing patients. Designing robust machine learning hardware accelerators that are resilient to adversarial fault attacks is therefore crucial for the safety and security of machine learning systems in domains including autonomous vehicles, medical equipment, and cybersecurity. Although software countermeasures against such adversarial fault attacks on neural network implementations have been explored, hardware-oriented techniques are yet to be implemented.

Therefore, a robust machine learning hardware accelerator is proposed which can withstand these sophisticated attacks through circuit-level and architecture-level countermeasures while also maintaining performance. The proposed accelerator will integrate a defender module with the traditional architecture to encrypt and decrypt the contents of off-chip DRAM, while also performing error detection and correction to counter malicious data corruption in the memory. A lightweight cipher with a masking-based side-channel countermeasure will be used for the encryption and decryption. The error correction codes will be embedded into the less significant bits of the neural network weights and activations, and the networks will be re-trained to recover accuracy. The proposed accelerator will be implemented on an FPGA platform with on-board DRAM, and various standard neural networks will be evaluated on it. Robustness and performance will be compared extensively between the accelerator with and without the proposed countermeasures. This will be the first comprehensive hardware demonstration of neural network acceleration with adversarial fault attack countermeasures, making a significant contribution to advancing this emerging field of research.

Total Budget (INR):

27,82,670

Organizations involved