CAREER: Protecting Deep Learning Systems against Hardware-Oriented Vulnerabilities

职业：保护深度学习系统免受面向硬件的漏洞的影响

• 批准号: 2047384
• 负责人: Yingjie Lao
• 金额: $ 50万
• 依托单位: Clemson University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-05-01 至 2024-04-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2047384&HistoricalAwards=false
• 关键词: CAREER; Protecting; Deep; Learning; Systems

Artificial intelligence (AI) has recently approached or even surpassed human-level performance in many applications. However, the successful deployment of AI requires sufficient robustness against adversarial attacks of all types and in all phases of the model life cycle. Although much progress has been made in enhancing the robustness of AI algorithms, there is a lack of systematic studies on hardware-oriented vulnerabilities and countermeasures, which also opens up demand for AI security education. Given this pressing need, this project aims at exploring novel hardware-oriented adversarial AI concepts and developing fundamental defensive strategies against such vulnerabilities to protect next-generation AI systems. This project has four thrusts. In Thrust 1, this project will exploit new adversarial attacks on deep neural network systems, featuring the design of an algorithm-hardware collaborative backdoor attack. Then in Thrust 2, it will develop methodologies that incorporate the hardware aspect into defense for enhancing adversarial robustness against vulnerabilities in the untrusted semiconductor supply chain. Subsequently, in Thrust 3, this project will develop novel signature embedding frameworks to protect the integrity of deep neural network models in the untrusted model building supply chain and finally in Thrust 4, it will model recovery strategies as an innovative approach to mitigate hardware-oriented fault attacks in the untrusted user-space.This project will yield novel methodologies for ensuring trust in AI systems from both the algorithm and hardware perspectives to meet the future needs of commercial products and national defense. In addition, it will catalyze advances in emerging AI applications across a broad range of sectors, including healthcare, autonomous vehicles, and Internet of things (IoT), triggering widespread implementation of AI in mobile and edge devices. New theories and techniques developed in this project will be integrated into undergraduate and graduate education and used to raise public awareness and promote understanding of the importance of AI security.Data, code and results generated in this project will be stored when appropriate in the research database managed by the Holcombe Department of Electrical and Computer Engineering at Clemson University. All data will be retained for at least five years after the end of this project or at least five years after publications, whichever is later. Longer periods will apply when questions arise from inquiries or investigations with respect to research. The project repository will be maintained under http://ylao.people.clemson.edu/hardware_AI_securityThis award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

人工智能（AI）最近在许多应用中接近甚至超过了人类水平的性能。然而，人工智能的成功部署需要在模型生命周期的所有阶段对所有类型的对抗性攻击具有足够的鲁棒性。虽然在增强人工智能算法的鲁棒性方面取得了很大进展，但缺乏对面向硬件的漏洞和对策的系统研究，这也开启了人工智能安全教育的需求。鉴于这一迫切需求，该项目旨在探索新的面向硬件的对抗性人工智能概念，并针对这些漏洞开发基本的防御策略，以保护下一代人工智能系统。这个项目有四个重点。在Thrust 1中，该项目将对深度神经网络系统进行新的对抗性攻击，其特点是设计算法-硬件协作后门攻击。然后在Thrust 2中，它将开发将硬件方面纳入防御的方法，以增强对抗不可信半导体供应链中漏洞的对抗鲁棒性。随后，在Thrust 3中，该项目将开发新颖的签名嵌入框架，以保护不可信模型构建供应链中深度神经网络模型的完整性，最后在Thrust 4中，它将恢复策略建模为一种创新方法，以减轻不受信任用户中面向硬件的故障攻击，该项目将产生新的方法，从算法和硬件的角度确保人工智能系统的信任，以满足商业产品和国防的未来需求。此外，它还将促进医疗保健、自动驾驶汽车和物联网（IoT）等广泛领域新兴人工智能应用的发展，引发人工智能在移动的和边缘设备中的广泛应用。该项目开发的新理论和技术将被整合到本科生和研究生教育中，并用于提高公众意识，促进对人工智能安全重要性的理解。该项目产生的数据，代码和结果将在适当时存储在由克莱姆森大学电气和计算机工程系管理的研究数据库中。所有数据将在本项目结束后至少保留五年，或在出版后至少保留五年，以较晚者为准。如果因研究方面的询问或调查而产生问题，则适用更长的期限。项目库将在http://ylao.people.clemson.edu/hardware_AI_securityThis奖下维护，反映了NSF的法定使命，并被认为值得通过使用基金会的知识价值和更广泛的影响审查标准进行评估来支持。

项目成果

Genetic-based Joint Dynamic Pruning and Learning Algorithm to Boost DNN Performance

• DOI: 10.1109/icpr56361.2022.9956310
• 发表时间: 2022-08
• 期刊: 2022 26th International Conference on Pattern Recognition (ICPR)
• 作者: Azadeh Famili;Yingjie Lao

NNTesting: Neural Network Fault Attacks Detection Using Gradient-Based Test Vector Generation

• DOI: 10.1109/dac56929.2023.10247885
• 发表时间: 2023-07
• 期刊: 2023 60th ACM/IEEE Design Automation Conference (DAC)
• 作者: Antian Wang;Bingyin Zhao;Weihang Tan;Yingjie Lao

CLPA: Clean-Label Poisoning Availability Attacks Using Generative Adversarial Nets

• DOI: 10.1609/aaai.v36i8.20902
• 发表时间: 2022-06
• 作者: Bingyin Zhao;Yingjie Lao

DeepHardMark: Towards Watermarking Neural Network Hardware

• DOI: 10.1609/aaai.v36i4.20367
• 发表时间: 2022-06
• 作者: Joseph Clements;Yingjie Lao

In Pursuit of Preserving the Fidelity of Adversarial Images

追求保持对抗性图像的保真度

• DOI: 10.1109/icassp43922.2022.9747529
• 发表时间: 2022
• 期刊: Speech and Signal Processing (ICASSP
• 作者: Clements, Joseph;Lao, Yingjie
• 通讯作者: Lao, Yingjie