摘要
基于新型存储器件RRAM的计算系统因为能够在内存中执行矩阵点乘向量运算而受到广泛的关注.然而,RRAM计算系统的安全性却未受到足够的重视.攻击者通过访问未授权的RRAM计算系统,进而以黑盒攻击的方式来获取存储于RRAM计算系统中的神经网络模型.以阻止此种攻击为目标,所提出的防御方法是基于良性木马,即当RRAM计算系统未授权时,系统中的木马极容易被激活,进而影响系统的输出预测准确性,从而保证系统不能正常运行;当RRAM计算系统被授权时,系统中的木马极难被误激活,从而系统能够正常运行.实验结果表明,该方法能够使未授权的RRAM计算系统的输出预测准确性降低至15%以下,并且硬件开销小于系统中RRAM硬件的4.5%.
Computing systems based on the emerging device resistive random-access memory(RRAM)have received a lot of attention due to its capability of performing matrix-vector-multiplications operations in memory.However,the security of the RRAM computing system has not been paid enough attention.An attacker can gain access to the neural network models stored in the RRAM computing system by illegally accessing an unauthorized RRAM computing system and then carrying on a black-box attack.The goal of this study is to thwart such attacks.The defense method proposed in this study is based on benign Trojan,which means that when the RRAM computing system is not authorized,the Trojan in the system are extremely easy to be activated,which in turn affects the prediction accuracy of the system's output,thus ensuring that the system is not able to operate normally;when the RRAM computing system is authorized,the Trojan in the system are extremely difficult to be activated accidently,thus enabling the system to operate normally.It is shown experimentally that the method enables the output prediction accuracy of an unauthorized RRAM computing system to be reduced to less than 15%,with a hardware overhead of less than 4.5% of the RRAM devices in the system.
作者
邹敏辉
周俊龙
孙晋
汪成亮
ZOU Min-Hui;ZHOU Jun-Long;SUN Jin;WANG Cheng-Liang(School of Computer Science and Engineering,Nanjing University of Science and Technology,Nanjing 210094,China;College of Computer Science,Chongqing University,Chongqing 400044,China)
出处
《软件学报》
EI
CSCD
北大核心
2021年第8期2457-2468,共12页
Journal of Software
基金
国家自然科学基金(61672115,61802185,61872185)
江苏省自然科学基金(BK20190447,BK20180470)
教育部中央高校基本科研业务费专项资金(30919011233,30919011402)
中国博士后科学基金(2020M680068)。
