Novel Hardware Trojan Attack on Activation Parameters of FPGA-Based DNN Accelerators
Rijoy Mukherjee, Rajat Subhra Chakraborty
Abstract
Deep neural network (DNN) hardware accelerators are being deployed widely to accelerate the inference process. Security of such accelerators is a major challenge, especially when being deployed in safety-critical systems such as autonomous vehicles. In this letter, we present novel Hardware Trojan (HT) attacks on two DNN hardware accelerators, which modifies the activation parameters of the DNN in a field-programmable gate array-based accelerator implementation. The proposed HT is agnostic to the detailed architecture of the DNN. Experimental results demonstrate that the proposed HT is extremely stealthy, and when activated can result in significant degradation in inference accuracy.
Topics & Concepts
Field-programmable gate arrayComputer scienceInferenceEmbedded systemProcess (computing)Hardware TrojanArtificial neural networkHardware accelerationTrojanComputer hardwareGate arrayArtificial intelligenceComputer securityOperating systemPhysical Unclonable Functions (PUFs) and Hardware SecurityIntegrated Circuits and Semiconductor Failure AnalysisAdversarial Robustness in Machine Learning