Paper title
NeuroAttack: Undermining Spiking Neural Networks Security through Externally Triggered Bit-Flips
Paper authors
Paper abstract
Due to their proven efficiency, machine-learning systems are deployed in a wide range of complex real-life problems. More specifically, Spiking Neural Networks (SNNs) emerged as a promising solution to the accuracy, resource-utilization, and energy-efficiency challenges in machine-learning systems. While these systems are going mainstream, they have inherent security and reliability issues. In this paper, we propose NeuroAttack, a cross-layer attack that threatens the SNNs' integrity by exploiting low-level reliability issues through a high-level attack. Particularly, we trigger a fault-injection based sneaky hardware backdoor through a carefully crafted adversarial input noise. Our results on Deep Neural Networks (DNNs) and SNNs show a serious integrity threat to state-of-the-art machine-learning techniques.