AccHashtag: Accelerated Hashing for Detecting Fault-Injection Attacks on Embedded Neural Networks

We propose AccHashtag, the first framework for high-accuracy detection of fault-injection attacks on Deep Neural Networks (DNNs) with provable bounds on detection performance. Recent literature in fault-injection attacks shows the severeDNNaccuracy degradation caused by bit flips. In this scenario, the attacker changes a fewDNNweight bits during execution by injecting faults to the dynamic random-access memory (DRAM). To detect bit flips, AccHashtag extracts a unique signature from the benign DNN prior to deployment. The signature is used to validate the model's integrity and verify the inference output on the fly. We propose a novel sensitivity analysis that identifies the most vulnerable DNN layers to the fault-injection attack. The DNN signature is constructed by encoding theweights in vulnerable layers using a low-collision hash function. During DNN inference, new hashes are extracted from the target layers and compared against the ground-truth signatures. AccHashtag incorporates a lightweight methodology that allows for real-time fault detection on embedded platforms. We devise a specialized compute core for AccHashtag on field-programmable gate arrays (FPGAs) to facilitate online hash generation in parallel to DNN execution. Extensive evaluations with the state-of-the-art bit-flip attack on various DNNs demonstrate the competitive advantage of AccHashtag in terms of both attack detection and execution overhead.

Automated summary

AccHashtag is the first framework for high-accuracy detection of fault-injection attacks on DNNs with provable bounds on detection performance. It extracts a unique signature from the benign DNN prior to deployment to validate the model's integrity and verify the inference output on the fly. AccHashtag identifies the most vulnerable DNN layers to the fault-injection attack using a novel sensitivity analysis.