Fault-injection based attacks and countermeasure on deep neural network accelerators
The rapid development of deep learning accelerator has unlocked new applications that require local inference at the edge device. However, this trend of development to facilitate edge intelligence also invites new hardware-oriented attacks, which are different from and have more dreadful impact than...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis-Doctor of Philosophy |
| Language: | English |
| Published: |
Nanyang Technological University
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/152080 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-152080 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1520802023-07-04T17:00:50Z Fault-injection based attacks and countermeasure on deep neural network accelerators Liu, Wenye Chang Chip Hong School of Electrical and Electronic Engineering ECHChang@ntu.edu.sg Engineering::Electrical and electronic engineering::Integrated circuits Engineering::Computer science and engineering::Hardware::Performance and reliability The rapid development of deep learning accelerator has unlocked new applications that require local inference at the edge device. However, this trend of development to facilitate edge intelligence also invites new hardware-oriented attacks, which are different from and have more dreadful impact than the well-known adversarial examples. Existing hardware-based attacks on DNN focuses on model interpolation. Many of these attacks are limited to general-purpose processor instances or DNN accelerators on small scale applications. Hardware-oriented attacks can directly intervene the internal computations of the inference machine without the need to modify the target inputs. This extra degree of manipulability offers more space of research exploration on the security threats, attack surfaces and countermeasures on modern DNN accelerators. New practical and robust hardware attack and fault recovery on large scale applications and real-word object classification scenarios of DNN accelerator are investigated, and error resilient DNN design are presented in this thesis. Doctor of Philosophy 2021-07-16T06:36:00Z 2021-07-16T06:36:00Z 2021 Thesis-Doctor of Philosophy Liu, W. (2021). Fault-injection based attacks and countermeasure on deep neural network accelerators. Doctoral thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/152080 https://hdl.handle.net/10356/152080 10.32657/10356/152080 en This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0). application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Electrical and electronic engineering::Integrated circuits Engineering::Computer science and engineering::Hardware::Performance and reliability |
| spellingShingle |
Engineering::Electrical and electronic engineering::Integrated circuits Engineering::Computer science and engineering::Hardware::Performance and reliability Liu, Wenye Fault-injection based attacks and countermeasure on deep neural network accelerators |
| description |
The rapid development of deep learning accelerator has unlocked new applications that require local inference at the edge device. However, this trend of development to facilitate edge intelligence also invites new hardware-oriented attacks, which are different from and have more dreadful impact than the well-known adversarial examples. Existing hardware-based attacks on DNN focuses on model interpolation. Many of these attacks are limited to general-purpose processor instances or DNN accelerators on small scale applications. Hardware-oriented attacks can directly intervene the internal computations of the inference machine without the need to modify the target inputs. This extra degree of manipulability offers more space of research exploration on the security threats, attack surfaces and countermeasures on modern DNN accelerators. New practical and robust hardware attack and fault recovery on large scale applications and real-word object classification scenarios of DNN accelerator are investigated, and error resilient DNN design are presented in this thesis. |
| author2 |
Chang Chip Hong |
| author_facet |
Chang Chip Hong Liu, Wenye |
| format |
Thesis-Doctor of Philosophy |
| author |
Liu, Wenye |
| author_sort |
Liu, Wenye |
| title |
Fault-injection based attacks and countermeasure on deep neural network accelerators |
| title_short |
Fault-injection based attacks and countermeasure on deep neural network accelerators |
| title_full |
Fault-injection based attacks and countermeasure on deep neural network accelerators |
| title_fullStr |
Fault-injection based attacks and countermeasure on deep neural network accelerators |
| title_full_unstemmed |
Fault-injection based attacks and countermeasure on deep neural network accelerators |
| title_sort |
fault-injection based attacks and countermeasure on deep neural network accelerators |
| publisher |
Nanyang Technological University |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/152080 |
| _version_ |
1772829002819436544 |