Exploiting Logic Locking for a Neural Trojan Attack on Machine Learning Accelerators

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Keynote: A Disquisition on Logic Locking

Abhishek Chakraborty, Nithyashankari Gummidipoondi Jayasankaran

Published: 2019

2020 57th ACM/IEEE Design Automation Conference (DAC)

Hardware-assisted intellectual property protection of deep learning models

Abhishek Chakraborty, Ankit Mondal, Ankur Srivastava

Published: 2020

AAAI Conference on Artificial Intelligence

DeepHardMark: Towards watermarking neural network hardware

Joseph Clements, Yingjie Lao

Published: 2022

International Symposium on Field-Programmable Custom Computing Machines

FP-DNN: An automated framework for mapping deep neural networks onto FPGAs with RTL-HLS hybrid templates

Yijin Guan, Hao Liang

Published: 2017

Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition

Deep residual learning for image recognition

Kaiming He, Xiangyu Zhang, Shaoqing Ren, Jian Sun

Published: 2016

Proceedings of the 55th Annual Design Automation Conference

Reverse engineering convolutional neural networks through side-channel information leaks

W. Hua, Z. Zhang, G. E. Suh

Published: 2018

Cryptology ePrint Archive

Advances in Logic Locking: Past, Present, and Prospects

Hadi Mardani Kamali, Kimia Zamiri Azar

Published: 2022

arxiv

Cited by 8

Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks

Kang Liu, Brendan Dolan-Gavitt, Siddharth Garg

Published: 5.31.2018

Deep neural networks (DNNs) provide excellent performance across a wide range of classification tasks, but their training requires high computational resources and is often outsourced to third parties. Recent work has shown that outsourced training introduces the risk that a malicious trainer will return a backdoored DNN that behaves normally on most inputs but causes targeted misclassifications or degrades the accuracy of the network when a trigger known only to the attacker is present. In this paper, we provide the first effective defenses against backdoor attacks on DNNs. We implement three backdoor attacks from prior work and use them to investigate two promising defenses, pruning and fine-tuning. We show that neither, by itself, is sufficient to defend against sophisticated attackers. We then evaluate fine-pruning, a combination of pruning and fine-tuning, and show that it successfully weakens or even eliminates the backdoors, i.e., in some cases reducing the attack success rate to 0% with only a 0.4% drop in accuracy for clean (non-triggering) inputs. Our work provides the first step toward defenses against backdoor attacks in deep neural networks.

Deep Learning Backdoor Detection Attack Method

ACM SIGSAC CCS

Abs: Scanning neural networks for back-doors by artificial brain stimulation

Liu, Y., Lee, W.-C., Tao, G., Ma, S., Aafer, Y., Zhang, X.

Published: 2019

2020 21st International Symposium on Quality Electronic Design (ISQED)

A survey on neural trojans

Yuntao Liu, Ankit Mondal, Abhishek Chakraborty, Michael Zuzak, Nina Jacobsen, Daniel Xing, Ankur Srivastava

Published: 2020

ACM Journal on Emerging Technologies in Computing Systems

Robust and attack resilient logic locking with a high application-level impact

Yuntao Liu, Michael Zuzak, Yang Xie, Abhishek Chakraborty, Ankur Srivastava

Published: 2021

arXiv preprint

Logic locking for secure outsourced chip fabrication: A new attack and provably secure defense mechanism

Mohamed El Massad, Jun Zhang, Siddharth Garg, Mahesh V Tripunitara

Published: 2017

2020 IEEE high performance extreme computing conference (HPEC)

Survey of machine learning accelerators

Albert Reuther, Peter Michaleas, Michael Jones, Vijay Gadepally, Siddharth Samsi, Jeremy Kepner

Published: 2020

Proc. IEEE

A primer on hardware security: Models, methods, and metrics

M. Rostami, et al.

Published: 2014

IACR Transactions on Cryptographic Hardware and Embedded Systems

CASLock: A Security-Corruptibility Trade-off Resilient Logic Locking Scheme

Bicky Shakya, Xiaolin Xu, Mark Tehranipoor, Domenic Forte

Published: 2020

IEEE Transactions on Information Forensics and Security

On the approximation resiliency of logic locking and IC camouflaging schemes

Kaveh Shamsi, Travis Meade, Meng Li, David Z Pan, Yier Jin

Published: 2018

2018 Fourth international conference on computing communication control and automation (ICCUBEA)

A review of machine learning and deep learning applications

Pramila P Shinde, Seema Shah

Published: 2018

IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

Evaluating the security of logic encryption algorithms

P. Subramanyan, S. Ray, S. Malik

Published: 2015

2017 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2017

Aggregated residual transformations for deep neural networks

Saining Xie, Ross B. Girshick, Piotr Dollar, Zhuowen Tu, Kaiming He

Published: 2017

IEEE Trans. on Computer-Aided Design of Integrated Circuits and Systems

Anti-sat: Mitigating sat attack on logic locking

Yang Xie, Ankur Srivastava

Published: 2018

arxiv

Cited by 1

Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures

Mengjia Yan, Christopher Fletcher, Josep Torrellas

Published: 8.15.2018

Deep Neural Networks (DNNs) are fast becoming ubiquitous for their ability to attain good accuracy in various machine learning tasks. A DNN's architecture (i.e., its hyper-parameters) broadly determines the DNN's accuracy and performance, and is often confidential. Attacking a DNN in the cloud to obtain its architecture can potentially provide major commercial value. Further, attaining a DNN's architecture facilitates other, existing DNN attacks. This paper presents Cache Telepathy: a fast and accurate mechanism to steal a DNN's architecture using the cache side channel. Our attack is based on the insight that DNN inference relies heavily on tiled GEMM (Generalized Matrix Multiply), and that DNN architecture parameters determine the number of GEMM calls and the dimensions of the matrices used in the GEMM functions. Such information can be leaked through the cache side channel. This paper uses Prime+Probe and Flush+Reload to attack VGG and ResNet DNNs running OpenBLAS and Intel MKL libraries. Our attack is effective in helping obtain the architectures by very substantially reducing the search space of target DNN architectures. For example, for VGG using OpenBLAS, it reduces the search space from more than $10^{35}$ architectures to just 16.

Detection of Model Extraction Attacks Hyperparameter Tuning Model Extraction Attack

IEEE Int. Symp. Hardware Oriented Security and Trust (HOST)

SARLock: SAT attack resistant logic locking

M. Yasin, B. Mazumdar, J. J. Rajendran, O. Sinanoglu

Published: 2016

Proc. SIGSAC Conf. Computer and Communications Security

Provably-secure logic locking: From theory to practice

M. Yasin, A. Sengupta, M. T. Nabeel, M. Ashraf, J. J. Rajendran, O. Sinanoglu

Published: 2017

2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)

DNNBuilder: An automated tool for building high-performance DNN hardware accelerators for FPGAs

Xiaofan Zhang, Junsong Wang, Chao Zhu, Yonghua Lin, Jinjun Xiong, Wen-mei Hwu, Deming Chen

Published: 2018

International Conference on Computer-Aided Design (ICCAD)

Resolving the Trilemma in Logic Encryption

Hai Zhou, Amin Rezaei, Yuanqi Shen

Published: 2019

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Trace Logic Locking: Improving the Parametric Space of Logic Locking

Michael Zuzak, Yuntao Liu, Ankur Srivastava

Published: 2020

ACM/IEEE Design Automation Conference

A Resource Binding Approach to Logic Obfuscation

Michael Zuzak, Yuntao Liu, Ankur Srivastava

Published: 2021