SafeLight: Enhancing Security in Optical Convolutional Neural Network Accelerators

Salma Afifi, Ishan Thakkar, Sudeep Pasricha
2024-11-23
Abstract: The rapid proliferation of deep learning has revolutionized computing hardware, driving innovations to improve computationally expensive multiply-and-accumulate operations in deep neural networks. Among these innovations are integrated silicon-photonic systems that have emerged as energy-efficient platforms capable of achieving light speed computation and communication, positioning optical neural network (ONN) platforms as a transformative technology for accelerating deep learning models such as convolutional neural networks (CNNs). However, the increasing complexity of optical hardware introduces new vulnerabilities, notably the risk of hardware trojan (HT) attacks. Despite the growing interest in ONN platforms, little attention has been given to how HT-induced threats can compromise performance and security. This paper presents an in-depth analysis of the impact of such attacks on the performance of CNN models accelerated by ONN accelerators. Specifically, we show how HTs can compromise microring resonators (MRs) in a state-of-the-art non-coherent ONN accelerator and reduce classification accuracy across CNN models by up to 7.49% to 80.46% by just targeting 10% of MRs. We then propose techniques to enhance ONN accelerator robustness against these attacks and show how the best techniques can effectively recover the accuracy drops.
Cryptography and Security, Hardware Architecture, Machine Learning
What problem does this paper attempt to address?
The problem this paper addresses is the impact of hardware trojan (HT) attacks on the performance and security of optical convolutional neural network (CNN) accelerators. Specifically, the article explores the following issues:

1. **Threat of hardware trojan attacks**: As silicon photonics technology is increasingly used in deep-learning hardware accelerators, the growth in hardware complexity has introduced new security vulnerabilities, especially the risk of hardware trojan (HT) attacks. These attacks may significantly reduce the classification accuracy of CNN models by maliciously tampering with key optoelectronic devices such as microring resonators (MRs).
2. **Specific impacts of the attacks**: The article analyzes in detail how two main types of HT attacks, actuation attacks and thermal hotspot attacks, affect the operation of microring resonators in non-coherent optical CNN accelerators. The research shows that by attacking only 10% of MRs, the classification accuracy of different CNN models can be reduced by 7.49% to 80.46%.
3. **Proposing mitigation measures**: To counter these attacks, the article proposes several software-level mitigation techniques, including regularization techniques and anti-noise training methods. These methods aim to improve the robustness of ONN accelerators and reduce the impact of HT attacks on model performance.

### Specific problem description

- **Hardware trojan attacks**: HT attacks can disrupt the normal operation of CNN accelerators by tampering with hardware circuits. For example, actuation attacks can put some MRs in an "off-resonance" state, preventing them from performing calculations correctly; thermal hotspot attacks cause the resonance wavelength of MRs to shift due to temperature changes, which breaks their function.
- **Impact on CNN model performance**: CNN models with different architectures have different sensitivities to HT attacks. For smaller models (such as MNIST), the performance degradation is more obvious when the FC layer is attacked; for larger models (such as ResNet18 and VGG16), the performance degradation is more severe when the CONV layer is attacked.
- **Mitigation techniques**:
  - **Regularization techniques**: Adjust the model weights through L2 regularization to reduce the impact of noise on output neurons, thereby improving the robustness of the model.
  - **Anti-noise training**: Introduce Gaussian noise during the training process, enabling the model to better adapt to the uncertainties brought by HT attacks and improving its tolerance to noise.

### Conclusion

The article experimentally verifies the serious impact of HT attacks on optical CNN accelerators and proposes effective software mitigation strategies, providing an important reference for designing safer and more reliable optical neural network accelerators in the future.