Investigation of Voltage Fault Injection Attacks on NN Inference Utilizing NVM based Weight Storage

This study investigates the vulnerability of Neural Networks (NNs) with weights stored in commercial Non-Volatile Memory (NVM) chips to Voltage Fault Injection (VFI) attack. In particular, we present the vulnerabilities of NOR Flash and Resistive Random Access Memory (ReRAM) chips to VFI attack. We experimentally inject voltage glitches with similar to 12% variation in power supply compared to the data-sheet specifications. As a case study, we implement two NNs: i) Multilayer Perceptron (MLP) and ii) AlexNet (CNN) trained on Fashion MNIST (FMNIST) and CIFAR-10 datasets respectively. We observe failure of read operations in NVM chips due to VFI. The occurrences of soft errors lead to significant corruption (similar to 91% for FMNIST and similar to 42% for CIFAR-10 datasets) in the trained weights read out. Experimental results show that the inference accuracy of NNs drops to similar to 10% for FMNIST and similar to 14.36% for CIFAR-10.