Minhui Zou,Zhenhua Zhu,Tzofnat Greenberg-Toledo,Orian Leitersdorf,Jiang Li,Junlong Zhou,Yu Wang,Nan Du,Shahar Kvatinsky

DOI: https://doi.org/10.1109/tcad.2023.3322351

IF: 2.9

2024-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:The execution of deep neural network (DNN) algorithms suffers from significant bottlenecks due to the separation of the processing and memory units in traditional computer systems. Emerging memristive computing systems introduce an in situ approach that overcomes this bottleneck. The non-volatility of memristive devices, however, may expose the DNN weights stored in memristive crossbars to potential theft attacks. Therefore, this paper proposes a two-dimensional permutation-based protection (TDPP) method that thwarts such attacks. We first introduce the underlying concept that motivates the TDPP method: permuting both the rows and columns of the DNN weight matrices. This contrasts with previous methods, which focused solely on permuting a single dimension of the weight matrices, either the rows or columns. While it's possible for an adversary to access the matrix values, the original arrangement of rows and columns in the matrices remains concealed. As a result, the extracted DNN model from the accessed matrix values would fail to operate correctly. We consider two different memristive computing systems (designed for layer-by-layer and layer-parallel processing, respectively) and demonstrate the design of the TDPP method that could be embedded into the two systems. Finally, we present a security analysis. Our experiments demonstrate that TDPP can achieve comparable effectiveness to prior approaches, with a high level of security when appropriately parameterized. In addition, TDPP is more scalable than previous methods and results in reduced area and power overheads. The area and power are reduced by, respectively, 1218× and 2815× for the layer-by-layer system and by 178× and 203× for the layer-parallel system compared to prior works.

Chenyun Pan,Azad Naeemi

DOI: https://doi.org/10.1109/TNANO.2016.2598147

2016-04-16

Abstract:Due to the massive parallel computing capability and outstanding image and signal processing performance, cellular neural network (CNN) is one promising type of non-Boolean computing system that can outperform the traditional digital logic computation and mitigate the physical scaling limit of the conventional CMOS technology. The CNN was originally implemented by VLSI analog technologies with operational amplifiers and operational transconductance amplifiers as neurons and synapses, respectively, which are power and area consuming. In this paper, we propose a hybrid structure to implement the CNN with magnetic components and CMOS peripherals with a complete driving and sensing circuitry. In addition, we propose a digitally programmable magnetic synapse that can achieve both positive and negative values of the templates. After rigorous performance analyses and comparisons, optimal energy is achieved based on various design parameters, including the driving voltage and the CMOS driving size. At a comparable footprint area and operation speed, a spintronic CNN is projected to achieve more than one order of magnitude energy reduction per operation compared to its CMOS counterpart.

Emerging Technologies

Cheng Wang,Chankyu Lee,Kaushik Roy

DOI: https://doi.org/10.1038/s41598-022-12555-0

2022-05-19

Abstract:The capability of emulating neural functionalities efficiently in hardware is crucial for building neuromorphic computing systems. While various types of neuro-mimetic devices have been investigated, it remains challenging to provide a compact device that can emulate spiking neurons. In this work, we propose a non-volatile spin-based device for efficiently emulating a leaky integrate-and-fire neuron. By incorporating an exchange-coupled composite free layer in spin-orbit torque magnetic tunnel junctions, multi-domain magnetization switching dynamics is exploited to realize gradual accumulation of membrane potential for a leaky integrate-and-fire neuron with compact footprints. The proposed device offers significantly improved scalability compared with previously proposed spin-based neuro-mimetic implementations while exhibiting high energy efficiency and good controllability. Moreover, the proposed neuron device exhibits a varying leak constant and a varying membrane resistance that are both dependent on the magnitude of the membrane potential. Interestingly, we demonstrate that such device-inspired dynamic behaviors can be incorporated to construct more robust spiking neural network models, and find improved resiliency against various types of noise injection scenarios. The proposed spintronic neuro-mimetic devices may potentially open up exciting opportunities for the development of efficient and robust neuro-inspired computational hardware.

Mahdieh Grailoo,Zain Ul Abideen,Mairo Leier,Samuel Pagliarini

DOI: https://doi.org/10.48550/arXiv.2204.00292

2022-04-01

Abstract:Neural networks (NNs) are already deployed in hardware today, becoming valuable intellectual property (IP) as many hours are invested in their training and optimization. Therefore, attackers may be interested in copying, reverse engineering, or even modifying this IP. The current practices in hardware obfuscation, including the widely studied logic locking technique, are insufficient to protect the actual IP of a well-trained NN: its weights. Simply hiding the weights behind a key-based scheme is inefficient (resource-hungry) and inadequate (attackers can exploit knowledge distillation). This paper proposes an intuitive method to poison the predictions that prevent distillation-based attacks; this is the first work to consider such a poisoning approach in hardware-implemented NNs. The proposed technique obfuscates a NN so an attacker cannot train the NN entirely or accurately. We elaborate a threat model which highlights the difference between random logic obfuscation and the obfuscation of NN IP. Based on this threat model, our security analysis shows that the poisoning successfully and significantly reduces the accuracy of the stolen NN model on various representative datasets. Moreover, the accuracy and prediction distributions are maintained, no functionality is disturbed, nor are high overheads incurred. Finally, we highlight that our proposed approach is flexible and does not require manipulation of the NN toolchain.

Cryptography and Security,Hardware Architecture,Machine Learning

Steven Louis,Hannah Bradley,Cody Trevillian,Andrei Slavin,Vasyl Tyberkevych

2024-10-18

Abstract:This paper proposes a novel spiking artificial neuron design based on a combined spin valve/magnetic tunnel junction (SV/MTJ). Traditional hardware used in artificial intelligence and machine learning faces significant challenges related to high power consumption and scalability. To address these challenges, spintronic neurons, which can mimic biologically inspired neural behaviors, offer a promising solution. We present a model of an SV/MTJ-based neuron which uses technologies that have been successfully integrated with CMOS in commercially available applications. The operational dynamics of the neuron are derived analytically through the Landau-Lifshitz-Gilbert-Slonczewski (LLGS) equation, demonstrating its ability to replicate key spiking characteristics of biological neurons, such as response latency and refractive behavior. Simulation results indicate that the proposed neuron design can operate on a timescale of about 1 ns, without any bias current, and with power consumption as low as 50 uW.

Applied Physics,Disordered Systems and Neural Networks

Chamika M. Liyanagedera,Abhronil Sengupta,Akhilesh Jaiswal,Kaushik Roy

DOI: https://doi.org/10.1103/PhysRevApplied.8.064017

2018-01-27

Abstract:Stochastic spiking neural networks based on nanoelectronic spin devices can be a possible pathway to achieving "brainlike" compact and energy-effcient cognitive intelligence. The computational model attempt to exploit the intrinsic device stochasticity of nanoelectronic synaptic or neural components to perform learning or inference. However, there has been limited analysis on the scaling effect of stochastic spin devices and its impact on the operation of such stochastic networks at the system level. This work attempts to explore the design space and analyze the performance of nanomagnet-based stochastic neuromorphic computing architectures for magnets with different barrier heights. We illustrate how the underlying network architecture must be modified to account for the random telegraphic switching behavior displayed by magnets with low barrier heights as they are scaled into the superparamagnetic regime. We perform a device-to-system-level analysis on a deep neural-network architecture for a digit-recognition problem on the MNIST data set.

Emerging Technologies

Valerio Venceslai,Alberto Marchisio,Ihsen Alouani,Maurizio Martina,Muhammad Shafique

DOI: https://doi.org/10.1109/IJCNN48605.2020.9207351

2020-05-17

Abstract:Due to their proven efficiency, machine-learning systems are deployed in a wide range of complex real-life problems. More specifically, Spiking Neural Networks (SNNs) emerged as a promising solution to the accuracy, resource-utilization, and energy-efficiency challenges in machine-learning systems. While these systems are going mainstream, they have inherent security and reliability issues. In this paper, we propose NeuroAttack, a cross-layer attack that threatens the SNNs integrity by exploiting low-level reliability issues through a high-level attack. Particularly, we trigger a fault-injection based sneaky hardware backdoor through a carefully crafted adversarial input noise. Our results on Deep Neural Networks (DNNs) and SNNs show a serious integrity threat to state-of-the art machine-learning techniques.

Cryptography and Security,Machine Learning

Abhronil Sengupta,Yong Shim,Kaushik Roy

DOI: https://doi.org/10.1109/TBCAS.2016.2525823

2016-02-03

Abstract:Non-Boolean computing based on emerging post-CMOS technologies can potentially pave the way for low-power neural computing platforms. However, existing work on such emerging neuromorphic architectures have either focused on solely mimicking the neuron, or the synapse functionality. While memristive devices have been proposed to emulate biological synapses, spintronic devices have proved to be efficient at performing the thresholding operation of the neuron at ultra-low currents. In this work, we propose an All-Spin Artificial Neural Network where a single spintronic device acts as the basic building block of the system. The device offers a direct mapping to synapse and neuron functionalities in the brain while inter-layer network communication is accomplished via CMOS transistors. To the best of our knowledge, this is the first demonstration of a neural architecture where a single nanoelectronic device is able to mimic both neurons and synapses. The ultra-low voltage operation of low resistance magneto-metallic neurons enables the low-voltage operation of the array of spintronic synapses, thereby leading to ultra-low power neural architectures. Device-level simulations, calibrated to experimental results, was used to drive the circuit and system level simulations of the neural network for a standard pattern recognition problem. Simulation studies indicate energy savings by ~ 100x in comparison to a corresponding digital/ analog CMOS neuron implementation.

Emerging Technologies

Kwunhang Wong,Songqi Wang,Wei Huang,Xinyuan Zhang,Yangu He,Karl M.H. Lai,Yuzhong Jiao,Ning Lin,Xiaojuan Qi,Xiaoming Chen,Zhongrui Wang

DOI: https://doi.org/10.1145/3676536.3676727

2024-08-26

Abstract:Biologically plausible Spiking Neural Networks (SNNs), characterized by spike sparsity, are growing tremendous attention over intellectual edge devices and critical bio-medical applications as compared to artificial neural networks (ANNs). However, there is a considerable risk from malicious attempts to extract white-box information (i.e., weights) from SNNs, as attackers could exploit well-trained SNNs for profit and white-box adversarial concerns. There is a dire need for intellectual property (IP) protective measures. In this paper, we present a novel secure software-hardware co-designed RRAM-based neuromorphic accelerator for protecting the IP of SNNs. Software-wise, we design a tailored genetic algorithm with classic XOR encryption to target the least number of weights that need encryption. From a hardware perspective, we develop a low-energy decryption module, meticulously designed to provide zero decryption latency. Extensive results from various datasets, including NMNIST, DVSGesture, EEGMMIDB, Braille Letter, and SHD, demonstrate that our proposed method effectively secures SNNs by encrypting a minimal fraction of stealthy weights, only 0.00005% to 0.016% weight bits. Additionally, it achieves a substantial reduction in energy consumption, ranging from x59 to x6780, and significantly lowers decryption latency, ranging from x175 to x4250. Moreover, our method requires as little as one sample per class in dataset for encryption and addresses hessian/gradient-based search insensitive problems. This strategy offers a highly efficient and flexible solution for securing SNNs in diverse applications.

Cryptography and Security

Xing Hu,Yang Zhao,Lei Deng,Ling Liang,Pengfei Zuo,Jing Ye,Yingyan Lin,Yuan Xie

DOI: https://doi.org/10.1109/tcad.2020.2995347

IF: 2.9

2021-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Deep neural network (DNN) accelerators are widely deployed in computer vision, speech recognition, and machine translation applications, in which attacks on DNNs have become a growing concern. This article focuses on exploring the implications of hardware Trojan attacks on DNNs. Trojans are one of the most challenging threat models in hardware security where adversaries insert malicious modifications to the original integrated circuits (ICs), leading to malfunction once being triggered. Such attacks can be conducted by adversaries because modern ICs commonly include third-party intellectual property (IP) blocks. Previous studies design hardware Trojans to attack DNNs with the assumption that adversaries have full knowledge or manipulation of the DNN systems' victim model and toolchain in addition to the hardware platforms, yet such a threat model is strict, limiting their practical adoption. In this article, we propose a memory Trojan methodology that implants the malicious logics merely into the memory controllers of DNN systems without the necessity of toolchain manipulation or accessing to the victim model and thus is feasible for practical uses. Specifically, we locate the input image data among the massive volume of memory traffics based on memory access patterns and propose a Trojan trigger mechanism based on detecting the geometric feature in input images. Extensive experiments show that the proposed trigger mechanism is effective even in the presence of environmental noises and preprocessing operations. Furthermore, we design and implement the payload and verify that the proposed Trojan technique can effectively conduct both untargeted and targeted attacks on DNNs.

Deming Zhang,Lang Zeng,Kaihua Cao,Mengxing Wang,Shouzhong Peng,Yue Zhang,Youguang Zhang,Jacques-Olivier Klein,Yu Wang,Weisheng Zhao

DOI: https://doi.org/10.1109/TBCAS.2016.2533798

2016-01-01

IEEE Transactions on Biomedical Circuits and Systems

Abstract:Artificial synaptic devices implemented by emerging post-CMOS non-volatile memory technologies such as Resistive RAM (RRAM) have made great progress recently. However, it is still a big challenge to fabricate stable and controllable multilevel RRAM. Benefitting from the control of electron spin instead of electron charge, spintronic devices, e.g., magnetic tunnel junction (MTJ) as a binary device, have been explored for neuromorphic computing with low power dissipation. In this paper, a compound spintronic device consisting of multiple vertically stacked MTJs is proposed to jointly behave as a synaptic device, termed as compound spintronic synapse (CSS). Based on our theoretical and experimental work, it has been demonstrated that the proposed compound spintronic device can achieve designable and stable multiple resistance states by interfacial and materials engineering of its components. Additionally, a compound spintronic neuron (CSN) circuit based on the proposed compound spintronic device is presented, enabling a multi-step transfer function. Then, an All Spin Artificial Neural Network (ASANN) is constructed with the CSS and CSN circuit. By conducting system-level simulations on the MNIST database for handwritten digital recognition, the performance of such ASANN has been investigated. Moreover, the impact of the resolution of both the CSS and CSN and device variation on the system performance are discussed in this work.

Chaoyi Ban,Linbo Shan,Gaoqi Yang,Jiajun Gao,Lindong Wu,Zongwei Wang,Yimao Cai,Ru Huang

DOI: https://doi.org/10.1109/snw63608.2024.10639247

2024-01-01

Abstract:Spiking Neural Networks (SNNs) have demonstrated significant potential in power-efficient edge computing. However, SNNs are vulnerable to adversarial attacks which seriously affects the accuracy and thus limits its application. In this study, a defense mechanism against adversarial attacks is demonstrated based on VO 2 spiking neuron. The spiking neuron circuit (SNC) can mimic the protective mechanism of neurons to effectively filter adversarial perturbations among input signals. Furthermore, we evaluate the ability of SNC-based SNNs against adversarial attacks with MNIST task. The SNC-based SNNs can effectively withstand adversarial attacks, achieving an 18.87% improvement in accuracy compared to the ReLU method under 30% disturbance. The results demonstrate that the SNC method has significant advantage in enhancing the SNN system's ability to resist adversarial attacks. This research provides an innovative solution to tackle the security issue in highly reliable neuromorphic computing.

Di Wang,Ruifeng Tang,Huai Lin,Long Liu,Nuo Xu,Yan Sun,Xuefeng Zhao,Ziwei Wang,Dandan Wang,Zhihong Mai,Yongjian Zhou,Nan Gao,Cheng Song,Lijun Zhu,Tom Wu,Ming Liu,Guozhong Xing

DOI: https://doi.org/10.1038/s41467-023-36728-1

IF: 16.6

2023-02-24

Nature Communications

Abstract:Abstract Neuromorphic computing using nonvolatile memories is expected to tackle the memory wall and energy efficiency bottleneck in the von Neumann system and to mitigate the stagnation of Moore’s law. However, an ideal artificial neuron possessing bio-inspired behaviors as exemplified by the requisite leaky-integrate-fire and self-reset (LIFT) functionalities within a single device is still lacking. Here, we report a new type of spiking neuron with LIFT characteristics by manipulating the magnetic domain wall motion in a synthetic antiferromagnetic (SAF) heterostructure. We validate the mechanism of Joule heating modulated competition between the Ruderman–Kittel–Kasuya–Yosida interaction and the built-in field in the SAF device, enabling it with a firing rate up to 17 MHz and energy consumption of 486 fJ/spike. A spiking neuron circuit is implemented with a latency of 170 ps and power consumption of 90.99 μW. Moreover, the winner-takes-all is executed with a current ratio >10 4 between activated and inhibited neurons. We further establish a two-layer spiking neural network based on the developed spintronic LIFT neurons. The architecture achieves 88.5% accuracy on the handwritten digit database benchmark. Our studies corroborate the circuit compatibility of the spintronic neurons and their great potential in the field of intelligent devices and neuromorphic computing.

multidisciplinary sciences

Gopalakrishnan Srinivasan,Abhronil Sengupta,Kaushik Roy

DOI: https://doi.org/10.1038/srep29545

IF: 4.6

2016-07-13

Scientific Reports

Abstract:Spiking Neural Networks (SNNs) have emerged as a powerful neuromorphic computing paradigm to carry out classification and recognition tasks. Nevertheless, the general purpose computing platforms and the custom hardware architectures implemented using standard CMOS technology, have been unable to rival the power efficiency of the human brain. Hence, there is a need for novel nanoelectronic devices that can efficiently model the neurons and synapses constituting an SNN. In this work, we propose a heterostructure composed of a Magnetic Tunnel Junction (MTJ) and a heavy metal as a stochastic binary synapse. Synaptic plasticity is achieved by the stochastic switching of the MTJ conductance states, based on the temporal correlation between the spiking activities of the interconnecting neurons. Additionally, we present a significance driven long-term short-term stochastic synapse comprising two unique binary synaptic elements, in order to improve the synaptic learning efficiency. We demonstrate the efficacy of the proposed synaptic configurations and the stochastic learning algorithm on an SNN trained to classify handwritten digits from the MNIST dataset, using a device to system-level simulation framework. The power efficiency of the proposed neuromorphic system stems from the ultra-low programming energy of the spintronic synapses.

multidisciplinary sciences

Robby Costales,Chengzhi Mao,Raphael Norwitz,Bryan Kim,Junfeng Yang

DOI: https://doi.org/10.1109/cvprw50498.2020.00406

2020-06-01

Abstract:Like all software systems, the execution of deep learning models is dictated in part by logic represented as data in memory. For decades, attackers have exploited traditional software programs by manipulating this data. We propose a live attack on deep learning systems that patches model parameters in memory to achieve predefined malicious behavior on a certain set of inputs. By minimizing the size and number of these patches, the attacker can reduce the amount of network communication and memory overwrites, with minimal risk of system malfunctions or other detectable side effects. We demonstrate the feasibility of this attack by computing efficient patches on multiple deep learning models. We show that the desired trojan behavior can be induced with a few small patches and with limited access to training data. We describe the details of how this attack is carried out on real systems and provide sample code for patching TensorFlow model parameters in Windows and in Linux. Lastly, we present a technique for effectively manipulating entropy on perturbed inputs to bypass STRIP, a state-of-the-art run-time trojan detection technique.

Ranyang Zhou,Sabbir Ahmed,Adnan Siraj Rakin,Shaahin Angizi

DOI: https://doi.org/10.48550/arXiv.2305.08034

2023-05-14

Cryptography and Security

Abstract:With deep learning deployed in many security-sensitive areas, machine learning security is becoming progressively important. Recent studies demonstrate attackers can exploit system-level techniques exploiting the RowHammer vulnerability of DRAM to deterministically and precisely flip bits in Deep Neural Networks (DNN) model weights to affect inference accuracy. The existing defense mechanisms are software-based, such as weight reconstruction requiring expensive training overhead or performance degradation. On the other hand, generic hardware-based victim-/aggressor-focused mechanisms impose expensive hardware overheads and preserve the spatial connection between victim and aggressor rows. In this paper, we present the first DRAM-based victim-focused defense mechanism tailored for quantized DNNs, named DNN-Defender that leverages the potential of in-DRAM swapping to withstand the targeted bit-flip attacks. Our results indicate that DNN-Defender can deliver a high level of protection downgrading the performance of targeted RowHammer attacks to a random attack level. In addition, the proposed defense has no accuracy drop on CIFAR-10 and ImageNet datasets without requiring any software training or incurring additional hardware overhead.

Karthikeyan Nagarajan,Junde Li,Sina Sayyah Ensan,Mohammad Nasim Imtiaz Khan,Sachhidh Kannan,Swaroop Ghosh

DOI: https://doi.org/10.48550/arXiv.2204.04768

IF: 14.4

2022-04-10

Artificial Intelligence

Abstract:Spiking Neural Networks (SNN) are quickly gaining traction as a viable alternative to Deep Neural Networks (DNN). In comparison to DNNs, SNNs are more computationally powerful and provide superior energy efficiency. SNNs, while exciting at first appearance, contain security-sensitive assets (e.g., neuron threshold voltage) and vulnerabilities (e.g., sensitivity of classification accuracy to neuron threshold voltage change) that adversaries can exploit. We investigate global fault injection attacks by employing external power supplies and laser-induced local power glitches to corrupt crucial training parameters such as spike amplitude and neuron's membrane threshold potential on SNNs developed using common analog neurons. We also evaluate the impact of power-based attacks on individual SNN layers for 0% (i.e., no attack) to 100% (i.e., whole layer under attack). We investigate the impact of the attacks on digit classification tasks and find that in the worst-case scenario, classification accuracy is reduced by 85.65%. We also propose defenses e.g., a robust current driver design that is immune to power-oriented attacks, improved circuit sizing of neuron components to reduce/recover the adversarial accuracy degradation at the cost of negligible area and 25% power overhead. We also present a dummy neuron-based voltage fault injection detection system with 1% power and area overhead.

Ning Lin,Shaocong Wang,Yue Zhang,Yangu He,Kwunhang Wong,Arindam Basu,Dashan Shang,Xiaoming Chen,Zhongrui Wang

2024-06-21

Abstract:Deep neural networks (DNNs), such as the widely-used GPT-3 with billions of parameters, are often kept secret due to high training costs and privacy concerns surrounding the data used to train them. Previous approaches to securing DNNs typically require expensive circuit redesign, resulting in additional overheads such as increased area, energy consumption, and latency. To address these issues, we propose a novel hardware-software co-design approach for DNN intellectual property (IP) protection that capitalizes on the inherent aging characteristics of circuits and a novel differential orientation fine-tuning (DOFT) to ensure effective protection. Hardware-wise, we employ random aging to produce authorized chips. This process circumvents the need for chip redesign, thereby eliminating any additional hardware overhead during the inference procedure of DNNs. Moreover, the authorized chips demonstrate a considerable disparity in DNN inference performance when compared to unauthorized chips. Software-wise, we propose a novel DOFT, which allows pre-trained DNNs to maintain their original accuracy on authorized chips with minimal fine-tuning, while the model's performance on unauthorized chips is reduced to random guessing. Extensive experiments on various models, including MLP, VGG, ResNet, Mixer, and SwinTransformer, with lightweight binary and practical multi-bit weights demonstrate that the proposed method achieves effective IP protection, with only 10\% accuracy on unauthorized chips, while preserving nearly the original accuracy on authorized ones.

Cryptography and Security,Hardware Architecture

Gorka Abad,Oguzhan Ersoy,Stjepan Picek,Aitor Urbieta

DOI: https://doi.org/10.14722/ndss.2024.24334

2024-02-05

Abstract:Deep neural networks (DNNs) have demonstrated remarkable performance across various tasks, including image and speech recognition. However, maximizing the effectiveness of DNNs requires meticulous optimization of numerous hyperparameters and network parameters through training. Moreover, high-performance DNNs entail many parameters, which consume significant energy during training. In order to overcome these challenges, researchers have turned to spiking neural networks (SNNs), which offer enhanced energy efficiency and biologically plausible data processing capabilities, rendering them highly suitable for sensory data tasks, particularly in neuromorphic data. Despite their advantages, SNNs, like DNNs, are susceptible to various threats, including adversarial examples and backdoor attacks. Yet, the field of SNNs still needs to be explored in terms of understanding and countering these attacks. This paper delves into backdoor attacks in SNNs using neuromorphic datasets and diverse triggers. Specifically, we explore backdoor triggers within neuromorphic data that can manipulate their position and color, providing a broader scope of possibilities than conventional triggers in domains like images. We present various attack strategies, achieving an attack success rate of up to 100% while maintaining a negligible impact on clean accuracy. Furthermore, we assess these attacks' stealthiness, revealing that our most potent attacks possess significant stealth capabilities. Lastly, we adapt several state-of-the-art defenses from the image domain, evaluating their efficacy on neuromorphic data and uncovering instances where they fall short, leading to compromised performance.

Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Shaahin Angizi,Zhezhi He,Yu Bai,Jie Han,Mingjie Lin,Ronald F. DeMara,Deliang Fan

DOI: https://doi.org/10.1145/3194554.3194618

2018-01-01

Abstract:ITRS has identified nano-magnet based spintronic devices as promising post-CMOS technologies for information processing and data storage due to their ultra-low switching energy, non-volatility, superior endurance, excellent retention time, high integration density and compatibility with CMOS technology. As for data storage, spintronic memory has been widely accepted as a universal high performance next-generation non-volatile memory candidate. As for information processing, spintronic computing remains complementary in its features to CMOS technology. In this paper, we present two innovative spintronic computing primitives, i.e. spintronic approximate logic and spintronic stochastic neural network, which both leverage the intrinsic spintronic device physics to achieve much more compact and efficient designs than CMOS counterparts. In spintronic approximate logic, we employ the intrinsic current-mode thresholding operation to implement an accuracy-configurable adder and further demonstrate its application in approximate DSP applications. In spintronic stochastic neural networks, we leverage the stochastic properties of domain wall devices and magnetic tunnel junction to implement a low-power and robust artificial neural network design.