Exploiting device-level non-idealities for adversarial attacks on ReRAM-based neural networks

被引：0

作者：

McLemore, Tyler ^{[1
]}

Sunbury, Robert ^{[1
]}

Brodzik, Seth ^{[1
]}

Cronin, Zachary ^{[1
]}

Timmons, Elias ^{[1
]}

Chakraborty, Dwaipayan ^{[1
]}

机构：

[1] Department of Electrical and Computer Engineering, Rowan University, 201 Mullica Hill Rd, Glassboro, 08028, NJ

来源：

Memories - Materials, Devices, Circuits and Systems | 2023年 / 4卷

关键词：

Adversarial attack; Explainable AI; Memristor; Neural network; Non-ideality; ReRAM;

D O I：

10.1016/j.memori.2023.100053

中图分类号：

学科分类号：

摘要：

Resistive memory (ReRAM) or memristor devices offer the prospect of more efficient computing. While memristors have been used for a variety of computing systems, their usage has gained significant popularity in the domain of deep learning. Weight matrices in deep neural networks can be mapped to crossbar architectures with memristive junctions, generally resulting in superior performance and energy efficiency. However, the nascent nature of ReRAM technology is directly associated with the presence of inherent non-idealities in the ReRAM devices currently available. Deep neural networks have already been shown to be susceptible to adversarial attacks, often by targeting vulnerabilities in the networks’ internal representation of input data. In this paper, we explore the causal relationship between device-level non-idealities in ReRAM devices and the classification performance of memristor-based neural network accelerators. Specifically, our aim is to generate images which bypass adversarial defense mechanisms in software neural networks but trigger non-trivial performance discrepancies in ReRAM-based neural networks. To this end, we have proposed a framework to generate adversarial images in the hypervolume between the two decision boundaries, thereby leveraging non-ideal device behavior for performance detriment. We employ state-of-the-art tools in explainable artificial intelligence to characterize our adversarial image samples, and derive a new metric to quantify susceptibility to adversarial attacks at the pixel and device-levels. © 2023

引用

共 121 条

[1] Chua L., Memristor-the missing circuit element, IEEE Trans. Circuit Theory, 18, 5, pp. 507-519, (1971)
[2] Strukov D.B., Snider S., Stewart D.R., Williams R.S., The missing memristor found, Nature, 453, 7191, pp. 80-83, (2008)
[3] Dalgaty T., Payvand M., Moro F., Ly D.R.B., Pebay-Peyroula F., Casas J., Indiveri G., Vianello E., Hybrid neuromorphic circuits exploiting non-conventional properties of RRAM for massively parallel local plasticity mechanisms, APL Mater., 7, 8, (2019)
[4] You H., Wang D.-H., Neuromorphic implementation of attractor dynamics in a two-variable winner-take-all circuit with nmdars: A simulation study, Front. Neurosci., 11, (2017)
[5] Nguyen A., Nguyen H., Venimadhavan S., Venkattraman A., Parent D., Wong H.Y., Fully analog reram neuromorphic circuit optimization using DTCO simulation framework, 2020 International Conference on Simulation of Semiconductor Processes and Devices, SISPAD, pp. 201-204, (2020)
[6] Mehonic A., Joksas D., Ng W.H., Buckwell M., Kenyon A.J., Simulation of inference accuracy using realistic rram devices, Front. Neurosci., 13, (2019)
[7] Abbas R., Benini L., Gupta R.K., Variability mitigation in nanometer CMOS integrated systems: A survey of techniques from circuits to software, Proc. IEEE, 104, 7, pp. 1410-1448, (2016)
[8] Rinitha R., Ponni R., Testing in VLSI: A survey, 2016 International Conference on Emerging Trends in Engineering, Technology and Science, ICETETS, pp. 1-6, (2016)
[9] Chakraborty I., Ali M.F., Kim D.E., Ankit A., Roy K., Geniex: A generalized approach to emulating non-ideality in memristive xbars using neural networks, (2020)
[10] Zahoor F., Zulkifli T.Z.A., Khanday F.A., Resistive random access memory (RRAM): An overview of materials, switching mechanism, performance, multilevel cell (MLC) storage, modeling, and applications, Nanoscale Res. Lett., 15, (2020)

← 1 2 3 4 5 6 7 8 9 10 →