Practical Attacks on Deep Neural Networks by Memory Trojaning
Hu, Xing1; Zhao, Yang2; Deng, Lei3; Liang, Ling3; Zuo, Pengfei4; Ye, Jing1; Lin, Yingyan2; Xie, Yuan3
2021-06-01
Journal: IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS
ISSN: 0278-0070
Volume: 40, Issue: 6, Pages: 1230-1243
Abstract: Deep neural network (DNN) accelerators are widely deployed in computer vision, speech recognition, and machine translation applications, in which attacks on DNNs have become a growing concern. This article focuses on exploring the implications of hardware Trojan attacks on DNNs. Trojans are one of the most challenging threat models in hardware security where adversaries insert malicious modifications to the original integrated circuits (ICs), leading to malfunction once being triggered. Such attacks can be conducted by adversaries because modern ICs commonly include third-party intellectual property (IP) blocks. Previous studies design hardware Trojans to attack DNNs with the assumption that adversaries have full knowledge or manipulation of the DNN systems' victim model and toolchain in addition to the hardware platforms, yet such a threat model is strict, limiting their practical adoption. In this article, we propose a memory Trojan methodology that implants the malicious logics merely into the memory controllers of DNN systems without the necessity of toolchain manipulation or accessing to the victim model and thus is feasible for practical uses. Specifically, we locate the input image data among the massive volume of memory traffics based on memory access patterns and propose a Trojan trigger mechanism based on detecting the geometric feature in input images. Extensive experiments show that the proposed trigger mechanism is effective even in the presence of environmental noises and preprocessing operations. Furthermore, we design and implement the payload and verify that the proposed Trojan technique can effectively conduct both untargeted and targeted attacks on DNNs.
Keywords: Trojan horses; Hardware; Integrated circuit modeling; Computational modeling; Security; Payloads; Convolutional neural networks (CNNs); deep learning accelerator; deep learning attack; hardware Trojan
DOI: 10.1109/TCAD.2020.2995347
Indexed by: SCI
Language: English
Funding: National Science Foundation[1725447] ; National Science Foundation[1730309]
WOS Research Area: Computer Science ; Engineering
WOS Category: Computer Science, Hardware & Architecture ; Computer Science, Interdisciplinary Applications ; Engineering, Electrical & Electronic
WOS Accession Number: WOS:000652792400018
Publisher: IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Times cited: 16 [WOS]
Document type: Journal article
Item identifier: http://119.78.100.204/handle/2XEOYT63/17567
Collection: Institute of Computing Technology, Chinese Academy of Sciences, Journal Articles (English)
Corresponding author: Deng, Lei
Author affiliations:
1.Chinese Acad Sci, Inst Comp Technol, State Key Lab Comp Architecture, Beijing 100190, Peoples R China
2.Rice Univ, Dept Elect & Comp Engn, Houston, TX 77005 USA
3.Univ Calif Santa Barbara, Dept Elect & Comp Engn, Santa Barbara, CA 93106 USA
4.Huazhong Univ Sci & Technol, Dept Comp Sci & Technol, Wuhan 430074, Peoples R China
Recommended citation
GB/T 7714
Hu, Xing,Zhao, Yang,Deng, Lei,et al. Practical Attacks on Deep Neural Networks by Memory Trojaning[J]. IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS,2021,40(6):1230-1243.
APA Hu, Xing.,Zhao, Yang.,Deng, Lei.,Liang, Ling.,Zuo, Pengfei.,...&Xie, Yuan.(2021).Practical Attacks on Deep Neural Networks by Memory Trojaning.IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS,40(6),1230-1243.
MLA Hu, Xing,et al."Practical Attacks on Deep Neural Networks by Memory Trojaning".IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS 40.6(2021):1230-1243.