FCDM: A Methodology Based on Sensor Pattern Noise Fingerprinting for Fast Confidence Detection to Adversarial Attacks
Lan, Yazhu [1,2]; Nixon, Kent W. [1]; Guo, Qingli [3]; Zhang, Guohe [4]; Xu, Yuanchao [5]; Li, Hai [6]; Chen, Yiran [6]
2020-12-01
Journal: IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS
ISSN: 0278-0070
Volume: 39, Issue: 12, Pages: 4791-4804
Abstract: Deep neural networks (DNNs) have shown phenomenal success in many real-world applications. However, a concerning weakness of DNNs is their vulnerability to adversarial attacks. Although there exist some methods to detect adversarial attacks, they often suffer from high computational cost and constraints on certain types of attacks, and ignore external features that could aid during attack detection. In this article, we propose the fast confidence detection method (FCDM), an innovative method for fast confidence detection of adversarial attacks based on measuring the integrity of sensor pattern noise fingerprinting embedded in input examples. We note that the existing adversarial detectors are often designed as a binary classifier to differentiate clean and adversarial examples. However, the detection of adversarial examples can be much more complicated than such a scenario. Our key insight is that the confidence level of detecting an input sample as an adversarial example is more useful information for the system to properly take an action to resist potential attacks. The experimental results show that FCDM is capable of giving a confidence distribution model of the most popular adversarial attacks. And, using the confidence distribution model, FCDM can quickly determine the confidence level of the input sample. Based on different properties of the confidence distribution models associated with these adversarial attacks, FCDM can provide early attack warning including even the possible attack types of the adversarial attack examples. FCDM also has the following advantages: 1) it is effective for both a white-box attack and black-box attack; 2) it does not depend on the class of adversarial attacks and can be used as both known attack defense and unknown attack defense; and 3) it does not need to know the details of the DNN model and does not affect the functionality of the DNN.
Since the fast confidence detection method (FCDM) is a computationally heavy task, we propose an FPGA-based accelerator based on a series of optimization techniques, such as quantization, data reuse, and operation replacement. We implement our method on an FPGA platform and achieve a system clock frequency of 279 MHz with a power consumption of only 0.7626 W. Moreover, in the real system performance test, we obtain a high efficiency of 29.740 IPS/W and a low latency of just 44.1 ms with very marginal accuracy loss.
Keywords: Perturbation methods; Computational modeling; Data integrity; Detectors; Optimization; Field programmable gate arrays; Hardware; Adversarial attacks; confidence detection; deep neural networks (DNNs); FPGA-based hardware architecture; sensor pattern noise (SPN)
DOI: 10.1109/TCAD.2020.2969982
Indexed by: SCI
Language: English
Funding: National Key Research and Development Plan[2016YFB1000203] ; State Key Laboratory of Computer Architecture (CARCH)[3509] ; National Natural Science Foundation of USA[CCF-1744082] ; National Natural Science Foundation of USA[CCF-1717657] ; Duke University ; Chinese Scholarship Council
WOS research area: Computer Science ; Engineering
WOS category: Computer Science, Hardware & Architecture ; Computer Science, Interdisciplinary Applications ; Engineering, Electrical & Electronic
WOS accession number: WOS:000592111400038
Publisher: IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
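Citation statistics
Times cited: 1 [WOS]
Document type: Journal article
Item identifier: http://119.78.100.204/handle/2XEOYT63/16133
Collection: Institute of Computing Technology, Chinese Academy of Sciences, journal articles_English
Corresponding author: Lan, Yazhu
Author affiliations:
1.Duke Univ, Dept Elect & Comp Engn, Durham, NC 27701 USA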
2.Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China
3.Univ Chinese Acad Sci, Dept Comp Sci & Technol, Beijing 100089, Peoples R China
4.Xi An Jiao Tong Univ, Dept Microelect, Xian 710049, Peoples R China
5.Capital Normal Univ, Dept Comp Sci & Technol, Beijing 100048, Peoples R China
6.Duke Univ, Dept Elect & Comp Engn, Durham, NC 27708 USA
Recommended citation
GB/T 7714
Lan, Yazhu,Nixon, Kent W.,Guo, Qingli,et al. FCDM: A Methodology Based on Sensor Pattern Noise Fingerprinting for Fast Confidence Detection to Adversarial Attacks[J]. IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS,2020,39(12):4791-4804.
APA Lan, Yazhu.,Nixon, Kent W..,Guo, Qingli.,Zhang, Guohe.,Xu, Yuanchao.,...&Chen, Yiran.(2020).FCDM: A Methodology Based on Sensor Pattern Noise Fingerprinting for Fast Confidence Detection to Adversarial Attacks.IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS,39(12),4791-4804.
MLA Lan, Yazhu,et al."FCDM: A Methodology Based on Sensor Pattern Noise Fingerprinting for Fast Confidence Detection to Adversarial Attacks".IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS 39.12(2020):4791-4804.