Hardware Trojan Attacks on the Reconfigurable Interconnections of Field-Programmable Gate Array-Based Convolutional Neural Network Accelerators and a Physically Unclonable Function-Based Countermeasure Detection Technique-Reference-Cited by-同舟云学术

Hardware Trojan Attacks on the Reconfigurable Interconnections of Field-Programmable Gate Array-Based Convolutional Neural Network Accelerators and a Physically Unclonable Function-Based Countermeasure Detection Technique

Published:2024-01-19 Issue:1 Volume:15 Page:149
ISSN:2072-666X
Container-title:Micromachines
language:en
Short-container-title:Micromachines

Author:

Hou Jia¹,Liu Zichu¹,Yang Zepeng¹,Yang Chen¹^ORCID

Affiliation:

1. School of Microelectronics, Xi’an Jiaotong University, Xi’an 710049, China

Abstract

Convolutional neural networks (CNNs) have demonstrated significant superiority in modern artificial intelligence (AI) applications. To accelerate the inference process of CNNs, reconfigurable CNN accelerators that support diverse networks are widely employed for AI systems. Given the ubiquitous deployment of these AI systems, there is a growing concern regarding the security of CNN accelerators and the potential attacks they may face, including hardware Trojans. This paper proposes a hardware Trojan designed to attack a crucial component of FPGA-based CNN accelerators: the reconfigurable interconnection network. Specifically, the hardware Trojan alters the data paths during activation, resulting in incorrect connections in the arithmetic circuit and consequently causing erroneous convolutional computations. To address this issue, the paper introduces a novel detection technique based on physically unclonable functions (PUFs) to safeguard the reconfigurable interconnection network against hardware Trojan attacks. Experimental results demonstrate that by incorporating a mere 0.27% hardware overhead to the accelerator, the proposed hardware Trojan can degrade the inference accuracy of popular neural network architectures, including LeNet, AlexNet, and VGG, by a significant range of 8.93% to 86.20%. The implemented arbiter-PUF circuit on a Xilinx Zynq XC7Z100 platform successfully detects the presence and location of hardware Trojans in a reconfigurable interconnection network. This research highlights the vulnerability of reconfigurable CNN accelerators to hardware Trojan attacks and proposes a promising detection technique to mitigate potential security risks. The findings underscore the importance of addressing hardware security concerns in the design and deployment of AI systems utilizing FPGA-based CNN accelerators.

Funder

National Natural Science Foundation of China

Publisher

MDPI AG

Link

https://www.mdpi.com/2072-666X/15/1/149/pdf

Reference54 articles.

1. Okamoto, T., Odagawa, M., Koide, T., Tanaka, S., Tamaki, T., Raytchev, B., Kaneda, K., Yoshida, S., and Mieno, H. (2019, January 26–29). Feature Extraction of Colorectal Endoscopic Images for Computer-Aided Diagnosis with CNN. Proceedings of the 2019 2nd International Symposium on Devices, Circuits and Systems (ISDCS), Sapporo, Japan.

2. Kido, S., Hirano, Y., and Hashimoto, N. (2018, January 7–9). Detection and classification of lung abnormalities by use of convolutional neural network (CNN) and regions with CNN features (R-CNN). Proceedings of the 2018 Interndational Workshop on Advanced Image Technology (IWAIT), Chiang Mai, Thailand.

3. Eapen, J., Bein, D., and Verma, A. (2019, January 7–9). Novel Deep Learning Model with CNN and Bi-Directional LSTM for Improved Stock Market Index Prediction. Proceedings of the 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.

4. Shin, H.-G., Ra, I., and Choi, Y.-H. (2019, January 16–18). A Deep Multimodal Reinforcement Learning System Combined with CNN and LSTM for Stock Trading. Proceedings of the 2019 International Conference on Information and Communication Technology Convergence (ICTC), Jeju Island, Republic of Korea.

5. Wasserstein CNN: Learning Invariant Features for NIR-VIS Face Recognition;He;IEEE Trans. Pattern Anal. Mach. Intell.,2018

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Hardware Trojans Detection and Prevention Techniques Review;Wireless Personal Communications;2024-05

2. Enhancement of Convolutional Neural Network Hardware Accelerators Efficiency Using Sparsity Optimization Framework;IEEE Access;2024