Collaborative Research: SHF: Medium: Approximate Computing for Machine Learning Security: Foundations and Accelerator Design

协作研究：SHF：媒介：机器学习安全的近似计算：基础和加速器设计

• 批准号: 2212427
• 负责人: Khaled Khasawneh
• 金额: $ 40万
• 依托单位: George Mason University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-08-01 至 2026-07-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2212427&HistoricalAwards=false
• 关键词: Collaborative; Research; SHF; Medium; Approximate

Deep Neural Networks (DNNs) are achieving state-of-the-art performance on a large and expanding number of application domains. However, one of the threats to their wide-scale deployment is vulnerability to adversarial machine learning attacks, where an adversary injects small perturbations to the input data that cause the DNN to misclassify, with potentially dangerous outcomes (for example, mistaking a stop sign for a speed limit sign). In this project, the researchers will explore how building DNNs with approximate computing elements improves their robustness to these adversarial attacks. Approximate computing is a technique to build computing elements that are simpler (and therefore higher performing and more sustainable) but do not compute the exact result of an operation. The investigators will explore how to select approximate computing elements and use them in building sustainable DNN accelerators that balance performance, accuracy, and security.The proposal's expected contributions include developing new insights into the relationship between approximation and robustness of DNNs. The project will explore what types of approximation techniques result in effective DNNs that balance accuracy, performance, sustainability, and protection against adversarial attacks and develop optimization frameworks that can find optimal operating points along these dimensions. It will also explore how to build new approximate computing elements specifically targeted toward this application. The project will use these findings to build sustainable, performant, and accurate DNN accelerators. The project will also explore other approximate computing-based techniques to protect against other types of attacks threatening the security and privacy of DNNs, as well as for different deep neural network learning structures. The project is expected to have significant impacts on security, sustainability, and accuracy of machine learning models. The research team will share all of the byproducts of the research with the research community. The project will train graduate and undergraduate students. The investigators will develop new educational material for use in machine learning, computer architecture, and computer security classes.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

深度神经网络（DNN）正在大量且不断扩展的应用领域中实现最先进的性能。 然而，其大规模部署的威胁之一是对抗性机器学习攻击的脆弱性，其中对手向输入数据注入小的扰动，导致DNN错误分类，并产生潜在的危险结果（例如，将停车标志误认为限速标志）。 在这个项目中，研究人员将探索如何构建具有近似计算元素的DNN，以提高它们对这些对抗性攻击的鲁棒性。 近似计算是一种构建更简单（因此性能更高且更可持续）但不计算操作的确切结果的计算元素的技术。 研究人员将探索如何选择近似计算元素，并将其用于构建可持续的DNN加速器，以平衡性能，准确性和安全性。该提案的预期贡献包括对DNN的近似和鲁棒性之间的关系提出新的见解。 该项目将探索什么类型的近似技术可以产生有效的DNN，从而平衡准确性，性能，可持续性和对抗性攻击的保护，并开发可以沿着这些维度找到最佳操作点的优化框架。 它还将探讨如何构建专门针对此应用程序的新的近似计算元素。 该项目将利用这些发现来构建可持续，高性能和准确的DNN加速器。 该项目还将探索其他基于近似计算的技术，以防止威胁DNN安全和隐私的其他类型的攻击，以及不同的深度神经网络学习结构。 该项目预计将对机器学习模型的安全性、可持续性和准确性产生重大影响。 研究团队将与研究社区分享研究的所有副产品。 该项目将培训研究生和本科生。 该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

A Brain-inspired Approach for Malware Detection using Sub-semantic Hardware Features

使用子语义硬件功能检测恶意软件的受大脑启发的方法

• DOI: 10.1145/3583781.3590293
• 发表时间: 2023
• 期刊: Proceedings Great Lakes Symposium on VLSI
• 作者: Parsa, Maryam;Khasawneh, Khaled N.;Alouani, Ihsen
• 通讯作者: Alouani, Ihsen

SecureVolt: Enhancing Deep Neural Networks Security via Undervolting

• DOI: 10.1109/tcad.2023.3296379
• 发表时间: 2023-12
• 期刊: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
• 影响因子: 2.9
• 作者: Md. Shohidul Islam;Ihsen Alouani;Khaled N. Khasawneh

VPP: Privacy Preserving Machine Learning via Undervolting

VPP：通过欠压保护隐私的机器学习

• DOI: 10.1109/host55118.2023.10133266
• 发表时间: 2023
• 期刊: IEEE International Symposium on Hardware Oriented Security and Trust (HOST
• 作者: Islam, Md Shohidul;Omidi, Behnam;Alouani, Ihsen;Khasawneh, Khaled N.
• 通讯作者: Khasawneh, Khaled N.

Stochastic-HMDs: Adversarial-Resilient Hardware Malware Detectors via Undervolting

随机 HMD：通过欠压实现对抗性弹性硬件恶意软件检测器

• 发表时间: 2023
• 期刊: Proceedings ACM IEEE Design Automation Conference
• 作者: Islam, Md Shohidul;Alouani, Ihsen;Khasawneh, Khaled N.
• 通讯作者: Khasawneh, Khaled N.