Novel Hardware Trojan Attack on Activation Parameters of FPGA-based DNN Accelerators

Published in IEEE Embedded Systems Letters, 2022

Recommended citation: R. Mukherjee and R. S. Chakraborty, "Novel Hardware Trojan Attack on Activation Parameters of FPGA-Based DNN Accelerators," in IEEE Embedded Systems Letters, vol. 14, no. 3, pp. 131-134, Sept. 2022, doi: 10.1109/LES.2022.3159541. https://ieeexplore.ieee.org/document/9734742

Deep Neural Network (DNN) hardware accelerators are being deployed widely to accelerate the inference process. Security of such accelerators is a major challenge, especially when they are deployed in safety-critical systems such as autonomous vehicles. In this paper, we present novel Hardware Trojan (HT) attacks on two DNN hardware accelerators, which modify the activation parameters of the DNN in an FPGA-based accelerator implementation. The proposed HT is agnostic to the detailed architecture of the DNN. Experimental results demonstrate that the proposed HT is extremely stealthy, and when activated can result in significant degradation in inference accuracy.
