A forward error compensation approach for fault resilient deep neural network accelerator design

A forward error compensation approach for fault resilient deep neural network accelerator design

Deep learning accelerator is a key enabler of a variety of safety-critical applications such as self-driving car and video surveillance. However, recently reported hardware-oriented attack vectors, e.g., fault injection attacks, have extended the threats on deployed deep neural network (DNN) systems...

全面介紹

Saved in:
書目詳細資料
Main Authors: Liu, Wenye, Chang, Chip Hong
其他作者: School of Electrical and Electronic Engineering
格式: Conference or Workshop Item
語言:English
出版: 2022
主題:
Engineering::Electrical and electronic engineering::Computer hardware, software and systems
Hardware Security
Fault Injection Attack
Deep Neural Network Accelerator
在線閱讀:https://hdl.handle.net/10356/155879
標簽: 添加標簽
沒有標簽, 成為第一個標記此記錄!
機構: Nanyang Technological University
語言: English
實物特徵
總結:Deep learning accelerator is a key enabler of a variety of safety-critical applications such as self-driving car and video surveillance. However, recently reported hardware-oriented attack vectors, e.g., fault injection attacks, have extended the threats on deployed deep neural network (DNN) systems beyond the software attack boundary by input data perturbation. Existing fault mitigation schemes including data masking, zeroing-on-error and circuit level time-borrowing techniques exploit the noise-tolerance of neural network models to resist random and sparse errors. Such noise tolerant-based schemes are not sufficiently effective to suppress intensive transient errors if a DNN accelerator is blasted with malicious and deliberate faults. In this paper, we conduct comprehensive investigations on reported resilient designs and propose a more robust countermeasure to fault injection attacks. The proposed design utilizes shadow flip flops for error detection and lightweight circuit for timely error correction. Our forward error compensation scheme rectifies the incorrect partial sum of the multiply-accumulation operation by estimating the difference between the correct and error-inflicted computation. The difference is added back to the final accumulated result at a later cycle without stalling the execution pipeline. We implemented our proposed design and the existing fault-mitigation schemes on the same Intel FPGA-based DNN accelerator to demonstrate its substantially enhanced resiliency against deliberate fault attacks on two popular DNN models, ResNet50 and VGG16, trained with ImageNet.

相似書籍