Practical Attacks on Deep Neural Networks by Memory Trojaning
Hu, Xing4; Zhao, Yang3; Deng, Lei2; Liang, Ling2; Zuo, Pengfei1; Ye, Jing4; Lin, Yingyan3; Xie, Yuan2
Journal: IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS
Publication date: 2021-06-01
Volume: 40; Issue: 6; Pages: 1230-1243
Keywords: Trojan horses; Hardware; Integrated circuit modeling; Computational modeling; Security; Payloads; Convolutional neural networks (CNNs); deep learning accelerator; deep learning attack; hardware Trojan
ISSN: 0278-0070
DOI: 10.1109/TCAD.2020.2995347
Abstract (English): Deep neural network (DNN) accelerators are widely deployed in computer vision, speech recognition, and machine translation applications, in which attacks on DNNs have become a growing concern. This article focuses on exploring the implications of hardware Trojan attacks on DNNs. Trojans are one of the most challenging threat models in hardware security: adversaries insert malicious modifications into the original integrated circuits (ICs), leading to malfunction once triggered. Such attacks are feasible because modern ICs commonly include third-party intellectual property (IP) blocks. Previous studies design hardware Trojans to attack DNNs under the assumption that adversaries have full knowledge or manipulation of the DNN system's victim model and toolchain in addition to the hardware platform, yet such a threat model is strict and limits their practical adoption. In this article, we propose a memory Trojan methodology that implants the malicious logic merely into the memory controllers of DNN systems, without the need for toolchain manipulation or access to the victim model, and is thus feasible for practical use. Specifically, we locate the input image data among the massive volume of memory traffic based on memory access patterns and propose a Trojan trigger mechanism based on detecting a geometric feature in input images. Extensive experiments show that the proposed trigger mechanism is effective even in the presence of environmental noise and preprocessing operations. Furthermore, we design and implement the payload and verify that the proposed Trojan technique can effectively conduct both untargeted and targeted attacks on DNNs.
Funding: National Science Foundation [1725447]; National Science Foundation [1730309]
WOS research area: Computer Science; Engineering
Language: English
Publisher: IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
WOS accession number: WOS:000652792400018
Content type: Journal article
Source URL: [http://119.78.100.204/handle/2XEOYT63/17566]
Collection: Institute of Computing Technology, Chinese Academy of Sciences
Corresponding author: Deng, Lei
Author affiliations:
1. Huazhong Univ Sci & Technol, Dept Comp Sci & Technol, Wuhan 430074, Peoples R China
2. Univ Calif Santa Barbara, Dept Elect & Comp Engn, Santa Barbara, CA 93106 USA
3. Rice Univ, Dept Elect & Comp Engn, Houston, TX 77005 USA
4. Chinese Acad Sci, Inst Comp Technol, State Key Lab Comp Architecture, Beijing 100190, Peoples R China
Recommended citation
GB/T 7714: Hu, Xing, Zhao, Yang, Deng, Lei, et al. Practical Attacks on Deep Neural Networks by Memory Trojaning[J]. IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, 2021, 40(6): 1230-1243.
APA: Hu, Xing., Zhao, Yang., Deng, Lei., Liang, Ling., Zuo, Pengfei., ... & Xie, Yuan. (2021). Practical Attacks on Deep Neural Networks by Memory Trojaning. IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, 40(6), 1230-1243.
MLA: Hu, Xing, et al. "Practical Attacks on Deep Neural Networks by Memory Trojaning". IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS 40.6 (2021): 1230-1243.