Yifan Jia,Jingyi Wang,Christopher M. Poskitt,Sudipta Chattopadhyay,Jun Sun,Yuqi Chen

DOI: https://doi.org/10.1016/j.ijcip.2021.100452

IF: 3.683

2021-01-01

International Journal of Critical Infrastructure Protection

Abstract:The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers (or invariant checkers). In this work, we present an adversarial attack that simultaneously evades the anomaly detectors and rule checkers of a CPS. Inspired by existing gradient-based approaches, our adversarial attack crafts noise over the sensor and actuator values, then uses a genetic algorithm to optimise the latter, ensuring that the neural network and the rule checking system are both deceived. We implemented our approach for two real-world critical infrastructure testbeds, successfully reducing the classification accuracy of their detectors by over 50% on average, while simultaneously avoiding detection by rule checkers. Finally, we explore whether these attacks can be mitigated by training the detectors on adversarial samples.

Zheyu Liu,Kaige Jia,Weiqiang Liu,Qi Wei,Fei Qiao,Huazhong Yang

DOI: https://doi.org/10.1109/iccad45719.2019.8942054

2019-11-01

Abstract:Approximate computing is a promising paradigm to deal with large computing workloads in fault-tolerant applications, providing opportunities to improve hardware efficiency of Deep Neural Networks (DNNs). However, it is still difficult to apply highly approximate arithmetics (e.g., multipliers) to DNNs due to the effect of error accumulation and the convergence problem in re-training phase. To tackle this limitation, we propose a hardware-software co-design algorithm, namely Incremental Network Approximation (INA). By addressing the convergence problem, INA promotes fault tolerance of DNNs, and yields more tradeoffs between accuracy and implementation cost. Experiments show that the approximate inference models re-trained by INA could achieve up to 80% hardware reduction in various hardware design level, while the classification accuracy degradation is less than 2%. Moreover, the experiments also exhibit the generality of INA algorithm for applying to various approximate multiplier design.

Zhenyu Wang,Donglian Qi,Zhenming Li,Jianliang Zhang

DOI: https://doi.org/10.17775/CSEEJPES.2022.04560

IF: 6.014

2023-01-01

CSEE Journal of Power and Energy Systems

Abstract:This paper explores the approximate solutions of AC power flow model with intractable nonlinearities, which significantly relaxes the strong condition of pre-estimated states for false data injection (FDI) attacks in power distribution systems. The main idea is to solve for complex-valued perturbations around a priori determined nominal voltage without neglecting quadratic terms in nonlinear power flow equations. We prove that based on power injection measurements, the approximate perturbations of the nodal voltage can be more accurately obtained by a recursive approximation with considering more nonlinear components than the results from power flow measurements. For FDI attacks, the strong requirement of pre-estimated states for constructing attack vector is relaxed by approximate states, while reflecting the intent of attackers and passing the bad data detection scheme in power system. Simulation results based on a symmetric balanced 56-node testbed verify the performance of the proposed nonlinear approximation in terms of accuracy and FDI attacks effect, compared with the commonly used linear method.

Pengfei Huang,Chenghua Wang,Weiqiang Liu,Fei Qiao,Fabrizio Lombardi

DOI: https://doi.org/10.1109/ojcs.2021.3051643

2021-01-01

IEEE Open Journal of the Computer Society

Abstract:As one of the most promising energy-efficient emerging paradigms for designing digital systems, approximate computing has attracted a significant attention in recent years. Applications utilizing approximate computing (AxC) can tolerate some loss of quality in the computed results for attaining high performance. Approximate arithmetic circuits have been extensively studied; however, their application at system level has not been extensively pursued. Furthermore, when approximate arithmetic circuits are applied at system level, error-accumulation effects and a convergence problem may occur in computation. Multiple approximate components can interact in a typical datapath, hence benefiting from each other. Many applications require more complex datapaths than a single multiplication. In this paper, a hardware/software co-design methodology for adaptive approximate computing is proposed. It makes use of feature constraints to guide the approximate computation at various accuracy levels in each iteration of the learning process in Artificial Neural Networks (ANNs). The proposed adaptive methodology also considers the input operand distribution and the hybrid approximation. Compared with a baseline design, the proposed method significantly reduces the power-delay product while incurring in only a small loss of accuracy. Simulation and a case study of image segmentation validate the effectiveness of the proposed methodology.

Shizhong Li,Wenchao Meng,Chen Liu,Shibo He

DOI: https://doi.org/10.1109/jiot.2024.3451449

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Artificial neural networks (ANNs) have been widely used for tasks like electricity theft detection (ETD) in smart meters. However, due to the subtle mechanisms and inherent opaque characteristics, ANNs are vulnerable to attacks. Although this attack surface poses significant risks, it has been largely overlooked in industrial scenarios. To alert the widespread adoption of industrial intelligence, this paper studies the impact of backdoor attacks in ETD for the first time and proposes a feature attention distillation defense. First, the attack surface in current model training pipeline is analyzed, and the adversaries can embed malicious backdoors for specific triggers to escape ETD. Then, six prevalent ANN-based models are tested and the adversaries can bypass the backdoored ETD models with success rates over 90.53%, which would inevitably bring huge losses to electricity companies. We further argue that the electricity companies can mitigate such attacks when noticing the abnormal non-technical loss. A novel feature attention distillation defense that aligns the intermediate feature maps between fine-tuned models and backdoored models is proposed, which can eliminate backdoors more efficiently with few resources compared with two classic defenses. The average attack success rate can drop by 90.71% with slight impacts on ETD performance. This work sheds light on a novel but perilous attack surface, and raises a warning for the wide adoption of artificial intelligence in smart measurement scenarios.

Sheikh Ariful Islam

DOI: https://doi.org/10.48550/arXiv.1912.01209

2019-12-03

Cryptography and Security

Abstract:The broad landscape of new applications requires minimal hardware resources without any sacrifice in Quality-of-Results. Approximate Computing (AC) has emerged to meet the demands of data-rich applications. Although AC applies techniques to improve the energy efficiency of error-tolerant applications at the cost of computational accuracy, new challenges in security threats of AC should be simultaneously addressed. In this paper, we introduce the security vulnerability of the concurrent AC synthesis. We analyze the threat landscape and provide a broader view of the attack and defense strategy. As a case study, we utilize AC synthesis technique to perform malicious modifications in the synthesized approximate netlist. Similarly, we provide a scalable defense framework for trustworthy AC synthesis.

Sumon Kumar Bose,Bapi Kar,Mohendra Roy,Pradeep Kumar Gopalakrishnan,Zhang Lei,Aakash Patil,Arindam Basu

DOI: https://doi.org/10.48550/arXiv.1912.01853

2019-12-04

Abstract:To overcome the energy and bandwidth limitations of traditional IoT systems, edge computing or information extraction at the sensor node has become popular. However, now it is important to create very low energy information extraction or pattern recognition systems. In this paper, we present an approximate computing method to reduce the computation energy of a specific type of IoT system used for anomaly detection (e.g. in predictive maintenance, epileptic seizure detection, etc). Termed as Anomaly Detection Based Power Savings (ADEPOS), our proposed method uses low precision computing and low complexity neural networks at the beginning when it is easy to distinguish healthy data. However, on the detection of anomalies, the complexity of the network and computing precision are adaptively increased for accurate predictions. We show that ensemble approaches are well suited for adaptively changing network size. To validate our proposed scheme, a chip has been fabricated in UMC65nm process that includes an MSP430 microprocessor along with an on-chip switching mode DC-DC converter for dynamic voltage and frequency scaling. Using NASA bearing dataset for machine health monitoring, we show that using ADEPOS we can achieve 8.95X saving of energy along the lifetime without losing any detection accuracy. The energy savings are obtained by reducing the execution time of the neural network on the microprocessor.

Machine Learning

Vassilis Vassiliadis,Charalampos Chalios,Konstantinos Parasyris,Christos D. Antonopoulos,Spyros Lalis,Nikolaos Bellas,Hans Vandierendonck,Dimitrios S. Nikolopoulos

DOI: https://doi.org/10.1007/s10766-016-0409-6

2016-03-24

International Journal of Parallel Programming

Abstract:Approximate execution is a viable technique for environments with energy constraints, provided that applications are given the mechanisms to produce outputs of the highest possible quality within the available energy budget. This paper introduces a framework for energy-constrained execution with controlled and graceful quality loss. A simple programming model allows developers to structure the computation in different tasks, and to express the relative importance of these tasks for the quality of the end result. For non-significant tasks, the developer can also supply less costly, approximate versions. The target energy consumption for a given execution is specified when the application is launched. A significance-aware runtime system employs an application-specific analytical energy model to decide how many cores to use for the execution, the operating frequency for these cores, as well as the degree of task approximation, so as to maximize the quality of the output while meeting the user-specified energy constraints. Evaluation on a dual-socket 16-core Intel platform using 9 kernels and applications shows that the proposed framework performs very close to an oracle always selecting the optimal configuration, both in terms of energy efficiency and quality of results. Also, a comparison with loop perforation (a well-known compile-time approximation technique), shows that the proposed framework results in significantly higher quality for the same energy budget.

computer science, theory & methods

Soumendu Kumar Ghosh,Arnab Raha,Vijay Raghunathan

DOI: https://doi.org/10.1145/3589766

2023-03-31

ACM Transactions on Embedded Computing Systems

Abstract:The rapid proliferation of the Internet of Things (IoT) and the dramatic resurgence of artificial intelligence (AI) based application workloads have led to immense interest in performing inference on energy-constrained edge devices. Approximate computing (a design paradigm that trades off a small degradation in application quality for disproportionate energy savings) is a promising technique to enable energy-efficient inference at the edge. This paper introduces the concept of an approximate edge inference system ( AxIS ) and proposes a systematic methodology to perform joint approximations between different subsystems in a deep neural network (DNN)-based edge inference system, leading to significant energy benefits compared to approximating individual subsystems in isolation. We use a smart camera system that executes various DNN-based image classification and object detection applications to illustrate how the sensor, memory, compute, and communication subsystems can all be approximated synergistically. We demonstrate our proposed methodology using two variants of a smart camera system: (a) Cam Edge , where the DNN is executed locally on the edge device, and (b) Cam Cloud , where the edge device sends the captured image to a remote cloud server that executes the DNN. We have prototyped such an approximate inference system using an Intel Stratix IV GX-based Terasic TR4-230 FPGA development board. Experimental results obtained using six large DNNs and four compact DNNs running image classification applications demonstrate significant energy savings (≈ 1.6 ×–4.7 × for large DNNs and ≈ 1.5 ×–3.6 × for small DNNs) for minimal (< \(1\% \) ) loss in application-level quality. Furthermore, results using four object detection DNNs exhibit energy savings of ≈ 1.5 ×–5.2 × for similar quality loss. Compared to approximating a single subsystem in isolation, AxIS achieves 1.05 ×–3.25 × gains in energy savings for image classification and 1.35 ×–4.2 × gains for object detection on average, for minimal ( \(\lt 1\% \) ) application-level quality loss.

computer science, software engineering, hardware & architecture

Chuanyi Ning,Zhiyu Xi

DOI: https://doi.org/10.1109/jsyst.2024.3350179

IF: 4.802

2024-03-19

IEEE Systems Journal

Abstract:This article addresses the issues of deception attacks design against state estimations and some key states in networked control systems (NCSs). Considering that the traditional stealthy attacks may lose their stealthiness in the presence of detectors with accumulative nature, the concept of improved stealthy attacks has been proposed. With the improved stealthy attack, estimation error will exhibit diverging behavior in naturally unstable systems. If the spectral radius of the system matrix is less than 1, it has been proved that the estimation errors or the divergence of key states are always bounded while suffering stealthy false data injection (FDI) attacks. Under such consideration, optimal FDI attack schemes are proposed such that the most significant impact, i.e., severest estimation error, can be achieved if stealthiness is still maintained. In addition, the problem of degrading some key states of NCSs is concerned with. Attack strategies are proposed to achieve divergence or the largest deviation of key states for systems with different spectral radii. Finally, simulation results are given to verify the feasibility and effectiveness of the proposed attack schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Kota Nishida,Yoshihiro Midoh,Noriyuki Miura,Satoshi Kawakami,Jun Shiomi

2024-11-22

Abstract:Silicon Photonics-based AI Accelerators (SPAAs) have been considered as promising AI accelerators achieving high energy efficiency and low latency. While many researchers focus on improving SPAAs' energy efficiency and latency, their physical security has not been sufficiently studied. This paper first proposes a threat of thermal fault injection attacks on SPAAs based on Vector-Matrix Multipliers (VMMs) utilizing Mach-Zhender Interferometers. This paper then proposes SecONN, an optical neural network framework that is capable of not only inferences but also concurrent detection of the attacks. In addition, this paper introduces a concept of Wavelength Division Perturbation (WDP) where wavelength dependent VMM results are utilized to increase detection accuracy. Simulation results show that the proposed method achieves 88.7% attack-caused average misprediction recall.

Optics,Cryptography and Security

Xin He,Liu Ke,Wenyan Lü,Guihai Yan,Xuan Zhang

DOI: https://doi.org/10.1145/3218603.3218643

2018-01-01

Abstract:The intrinsic error tolerance of neural network (NN) makes approximate computing a promising technique to improve the energy efficiency of NN inference. Conventional approximate computing focuses on balancing the efficiency-accuracy trade-off for existing pre-trained networks, which can lead to suboptimal solutions. In this paper, we propose AxTrain, a hardware-oriented training framework to facilitate approximate computing for NN inference. Specifically, AxTrain leverages the synergy between two orthogonal methods---one actively searches for a network parameters distribution with high error tolerance, and the other passively learns resilient weights by numerically incorporating the noise distributions of the approximate hardware in the forward pass during the training phase. Experimental results from various datasets with near-threshold computing and approximation multiplication strategies demonstrate AxTrain's ability to obtain resilient neural network parameters and system energy efficiency improvement.

Karthikeyan Nagarajan,Junde Li,Sina Sayyah Ensan,Mohammad Nasim Imtiaz Khan,Sachhidh Kannan,Swaroop Ghosh

DOI: https://doi.org/10.48550/arXiv.2204.04768

IF: 14.4

2022-04-10

Artificial Intelligence

Abstract:Spiking Neural Networks (SNN) are quickly gaining traction as a viable alternative to Deep Neural Networks (DNN). In comparison to DNNs, SNNs are more computationally powerful and provide superior energy efficiency. SNNs, while exciting at first appearance, contain security-sensitive assets (e.g., neuron threshold voltage) and vulnerabilities (e.g., sensitivity of classification accuracy to neuron threshold voltage change) that adversaries can exploit. We investigate global fault injection attacks by employing external power supplies and laser-induced local power glitches to corrupt crucial training parameters such as spike amplitude and neuron's membrane threshold potential on SNNs developed using common analog neurons. We also evaluate the impact of power-based attacks on individual SNN layers for 0% (i.e., no attack) to 100% (i.e., whole layer under attack). We investigate the impact of the attacks on digit classification tasks and find that in the worst-case scenario, classification accuracy is reduced by 85.65%. We also propose defenses e.g., a robust current driver design that is immune to power-oriented attacks, improved circuit sizing of neuron components to reduce/recover the adversarial accuracy degradation at the cost of negligible area and 25% power overhead. We also present a dummy neuron-based voltage fault injection detection system with 1% power and area overhead.

Mahdi Taheri,Mohammad Hasan Ahmadilivani,Maksim Jenihhin,Masoud Daneshtalab,Jaan Raik

2023-05-31

Abstract:Nowadays, the extensive exploitation of Deep Neural Networks (DNNs) in safety-critical applications raises new reliability concerns. In practice, methods for fault injection by emulation in hardware are efficient and widely used to study the resilience of DNN architectures for mitigating reliability issues already at the early design stages. However, the state-of-the-art methods for fault injection by emulation incur a spectrum of time-, design- and control-complexity problems. To overcome these issues, a novel resiliency assessment method called APPRAISER is proposed that applies functional approximation for a non-conventional purpose and employs approximate computing errors for its interest. By adopting this concept in the resiliency assessment domain, APPRAISER provides thousands of times speed-up in the assessment process, while keeping high accuracy of the analysis. In this paper, APPRAISER is validated by comparing it with state-of-the-art approaches for fault injection by emulation in FPGA. By this, the feasibility of the idea is demonstrated, and a new perspective in resiliency evaluation for DNNs is opened.

Machine Learning,Artificial Intelligence,Hardware Architecture

Julien M. Hendrickx,Karl Henrik Johansson,Raphael M. Jungers,Henrik Sandberg,Kin Cheong Sou

DOI: https://doi.org/10.1109/tac.2014.2351625

IF: 6.549

2014-12-01

IEEE Transactions on Automatic Control

Abstract:The resilience of Supervisory Control and Data Acquisition (SCADA) systems for electric power networks for certain cyber-attacks is considered. We analyze the vulnerability of the measurement system to false data attack on communicated measurements. The vulnerability analysis problem is shown to be NP-hard, meaning that unless P=NP there is no polynomial time algorithm to analyze the vulnerability of the system. Nevertheless, we identify situations, such as the full measurement case, where the analysis problem can be solved efficiently. In such cases, we show indeed that the problem can be cast as a generalization of the minimum cut problem involving nodes with possibly nonzero costs. We further show that it can be reformulated as a standard minimum cut problem (without node costs) on a modified graph of proportional size. An important consequence of this result is that our approach provides the first exact efficient algorithm for the vulnerability analysis problem under the full measurement assumption. Furthermore, our approach also provides an efficient heuristic algorithm for the general NP-hard problem. Our results are illustrated by numerical studies on benchmark systems including the IEEE 118-bus system.

automation & control systems,engineering, electrical & electronic

Giorgos Armeniakos,Georgios Zervakis,Dimitrios Soudris,Jörg Henkel

DOI: https://doi.org/10.1145/3527156

IF: 16.6

2022-03-25

ACM Computing Surveys

Abstract:Deep Neural Networks (DNNs) are very popular because of their high performance in various cognitive tasks in Machine Learning (ML). Recent advancements in DNNs have brought beyond human accuracy in many tasks, but at the cost of high computational complexity. To enable efficient execution of DNN inference, more and more research works, therefore, exploit the inherent error resilience of DNNs and employ Approximate Computing (AC) principles to address the elevated energy demands of DNN accelerators. This article provides a comprehensive survey and analysis of hardware approximation techniques for DNN accelerators. First, we analyze the state of the art and by identifying approximation families, we cluster the respective works with respect to the approximation type. Next, we analyze the complexity of the performed evaluations (with respect to the dataset and DNN size) to assess the efficiency, the potential, and limitations of approximate DNN accelerators. Moreover, a broad discussion is provided, regarding error metrics that are more suitable for designing approximate units for DNN accelerators as well as accuracy recovery approaches that are tailored to DNN inference. Finally, we present how Approximate Computing for DNN accelerators can go beyond energy efficiency and address reliability and security issues, as well.

computer science, theory & methods

Avishek Sinha Roy,Anindya Sundar Dhar

DOI: https://doi.org/10.48550/arXiv.1803.08005

2018-03-06

Abstract:In error-tolerant applications, approximate adders have been exploited extensively to achieve energy efficient system designs. Mean error distance is one of the important error metrics used as a performance measure of approximate adders. In this work, a fast and efficient methodology is proposed to determine the exact mean error distance in approximate lower significant bit adders. A detailed description of the proposed algorithm along with an example has been demonstrated in this paper. Experimental analysis shows that the proposed method performs better than existing Monte Carlo simulation approach both in terms of accuracy and execution time.

Other Computer Science,Emerging Technologies

Vassilis Vassiliadis,Konstantinos Parasyris,Christos D. Antonopoulos,Spyros Lalis,Nikolaos Bellas

DOI: https://doi.org/10.48550/arXiv.2111.13908

2021-11-27

Abstract:Hardware reliability is adversely affected by the downscaling of semiconductor devices and the scale-out of systems necessitated by modern applications. Apart from crashes, this unreliability often manifests as silent data corruptions (SDCs), affecting application output. Therefore, we need low-cost and low-human-effort solutions to reduce the incidence rate and the effects of SDCs on the quality of application outputs. We propose Artificial Neural Networks (ANNs) as an effective mechanism for online error detection. We train ANNs using software fault injection. We find that the average overhead of our approach, followed by a costly error correction by re-execution, is 6.45% in terms of CPU cycles. We also report that ANNs discover 94.85% of faults thereby resulting in minimal output quality degradation. To validate our approach we overclock ARM Cortex A53 CPUs, execute benchmarks on them and record the program outputs. ANNs prove to be an efficient error detection mechanism, better than a state of the art approximate error detection mechanism (Topaz), both in terms of performance (12.81% CPU overhead) and quality of application output (94.11% detection coverage).

Distributed, Parallel, and Cluster Computing

Tianmu Li,Shurui Li,Puneet Gupta

2023-04-09

Abstract:Approximate computing methods have shown great potential for deep learning. Due to the reduced hardware costs, these methods are especially suitable for inference tasks on battery-operated devices that are constrained by their power budget. However, approximate computing hasn't reached its full potential due to the lack of work on training methods. In this work, we discuss training methods for approximate hardware. We demonstrate how training needs to be specialized for approximate hardware, and propose methods to speed up the training process by up to 18X.

Machine Learning,Hardware Architecture

Tim Bucher,Lilas Alrahis,Guilherme Paim,Sergio Bampi,Ozgur Sinanoglu,Hussam Amrouch

DOI: https://doi.org/10.48550/arXiv.2208.10868

2022-08-23

Abstract:The globalization of the Integrated Circuit (IC) market is attracting an ever-growing number of partners, while remarkably lengthening the supply chain. Thereby, security concerns, such as those imposed by functional Reverse Engineering (RE), have become quintessential. RE leads to disclosure of confidential information to competitors, potentially enabling the theft of intellectual property. Traditional functional RE methods analyze a given gate-level netlist through employing pattern matching towards reconstructing the underlying basic blocks, and hence, reverse engineer the circuit's function. In this work, we are the first to demonstrate that applying Approximate Computing (AxC) principles to circuits significantly improves the resiliency against RE. This is attributed to the increased complexity in the underlying pattern-matching process. The resiliency remains effective even for Graph Neural Networks (GNNs) that are presently one of the most powerful state-of-the-art techniques in functional RE. Using AxC, we demonstrate a substantial reduction in GNN average classification accuracy-- from 98% to a mere 53%. To surmount the challenges introduced by AxC in RE, we propose the highly promising AppGNN platform, which enables GNNs (still being trained on exact circuits) to: (i) perform accurate classifications, and (ii) reverse engineer the circuit functionality, notwithstanding the applied approximation technique. AppGNN accomplishes this by implementing a novel graph-based node sampling approach that mimics generic approximation methodologies, requiring zero knowledge of the targeted approximation type. We perform an extensive evaluation and show that, using our method, we can improve the classification accuracy from 53% to 81% when classifying approximate adder circuits that have been generated using evolutionary algorithms, which our method is oblivious of.

Cryptography and Security