Physical security of deep learning on edge devices : comprehensive evaluation of fault injection attack vectors
Decision making tasks carried out by the usage of deep neural networks are successfully taking over in many areas, including those that are security critical, such as healthcare, transportation, smart grids, where intentional and unintentional failures can be disastrous. Edge computing systems are b...
Main Authors: | Hou, Xiaolu; Breier, Jakub; Jap, Dirmanto; Ma, Lei; Bhasin, Shivam; Liu, Yang |
---|---|
Other Authors: | Temasek Laboratories @ NTU |
Format: | Article |
Language: | English |
Published: | 2022 |
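Subjects: | Engineering::Computer science and engineering::Hardware::Performance and reliability; Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence; Fault Attack; Neural Network |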
Online Access: | https://hdl.handle.net/10356/156095 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-156095 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1560952022-05-14T20:12:04Z Physical security of deep learning on edge devices : comprehensive evaluation of fault injection attack vectors Hou, Xiaolu Breier, Jakub Jap, Dirmanto Ma, Lei Bhasin, Shivam Liu, Yang Temasek Laboratories @ NTU Engineering::Computer science and engineering::Hardware::Performance and reliability Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Fault Attack Neural Network Decision making tasks carried out by the usage of deep neural networks are successfully taking over in many areas, including those that are security critical, such as healthcare, transportation, smart grids, where intentional and unintentional failures can be disastrous. Edge computing systems are becoming ubiquitous nowadays, often serving deep learning tasks that do not need to be sent over to servers. Therefore, there is a necessity to evaluate the potential attacks that can target deep learning in the edge. In this work, we present evaluation of deep neural networks (DNNs) reliability against fault injection attacks. We first experimentally evaluate DNNs implemented in an embedded device by using laser fault injection to get the insight on possible attack vectors. We show practical results on four activation functions, ReLu, softmax, sigmoid, and tanh. We then perform a deep study on DNNs based on derived fault models by using several different attack strategies based on random faults. We also investigate a powerful attacker who can find effective fault location based on genetic algorithm, to show the most efficient attacks in terms of misclassification success rates. Finally, we show how a state of the art countermeasure against model extraction attack can be bypassed with a fault attack. Our results can serve as a basis to outline the susceptibility of DNNs to physical attacks which can be considered a viable attack vector whenever a device is deployed in hostile environment. 
National Research Foundation (NRF) Submitted/Accepted version This research is supported in parts by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme / Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (Award: NRF2018NCR-NCR009- 0001) 2022-04-05T08:45:27Z 2022-04-05T08:45:27Z 2021 Journal Article Hou, X., Breier, J., Jap, D., Ma, L., Bhasin, S. & Liu, Y. (2021). Physical security of deep learning on edge devices : comprehensive evaluation of fault injection attack vectors. Microelectronics Reliability, 120, 114116-. https://dx.doi.org/10.1016/j.microrel.2021.114116 0026-2714 https://hdl.handle.net/10356/156095 10.1016/j.microrel.2021.114116 2-s2.0-85104295214 120 114116 en NRF2018NCR-NCR009- 0001 Microelectronics Reliability © 2021 Elsevier Ltd. All rights reserved. This paper was published in Microelectronics Reliability and is made available with permission of Elsevier Ltd. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Engineering::Computer science and engineering::Hardware::Performance and reliability Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Fault Attack Neural Network |
description |
Decision making tasks carried out by the usage of deep neural networks are successfully taking over in many areas, including those that are security critical, such as healthcare, transportation, smart grids, where intentional and unintentional failures can be disastrous. Edge computing systems are becoming ubiquitous nowadays, often serving deep learning tasks that do not need to be sent over to servers. Therefore, there is a necessity to evaluate the potential attacks that can target deep learning in the edge. In this work, we present evaluation of deep neural networks (DNNs) reliability against fault injection attacks. We first experimentally evaluate DNNs implemented in an embedded device by using laser fault injection to get the insight on possible attack vectors. We show practical results on four activation functions, ReLu, softmax, sigmoid, and tanh. We then perform a deep study on DNNs based on derived fault models by using several different attack strategies based on random faults. We also investigate a powerful attacker who can find effective fault location based on genetic algorithm, to show the most efficient attacks in terms of misclassification success rates. Finally, we show how a state of the art countermeasure against model extraction attack can be bypassed with a fault attack. Our results can serve as a basis to outline the susceptibility of DNNs to physical attacks which can be considered a viable attack vector whenever a device is deployed in hostile environment. |
author2 |
Temasek Laboratories @ NTU |
author_facet |
Temasek Laboratories @ NTU Hou, Xiaolu Breier, Jakub Jap, Dirmanto Ma, Lei Bhasin, Shivam Liu, Yang |
format |
Article |
author |
Hou, Xiaolu Breier, Jakub Jap, Dirmanto Ma, Lei Bhasin, Shivam Liu, Yang |
author_sort |
Hou, Xiaolu |
title |
Physical security of deep learning on edge devices : comprehensive evaluation of fault injection attack vectors |
publishDate |
2022 |
url |
https://hdl.handle.net/10356/156095 |
_version_ |
1734310228119257088 |