CAREER: Protecting Deep Learning Systems against Hardware-Oriented Vulnerabilities

职业：保护深度学习系统免受面向硬件的漏洞的影响

• 批准号: 2047384
• 负责人: Yingjie Lao
• 金额: $ 50万
• 依托单位: Clemson University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-05-01 至 2024-04-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2047384&HistoricalAwards=false
• 关键词: CAREER; Protecting; Deep; Learning; Systems

Artificial intelligence (AI) has recently approached or even surpassed human-level performance in many applications. However, the successful deployment of AI requires sufficient robustness against adversarial attacks of all types and in all phases of the model life cycle. Although much progress has been made in enhancing the robustness of AI algorithms, there is a lack of systematic studies on hardware-oriented vulnerabilities and countermeasures, which also opens up demand for AI security education. Given this pressing need, this project aims at exploring novel hardware-oriented adversarial AI concepts and developing fundamental defensive strategies against such vulnerabilities to protect next-generation AI systems. This project has four thrusts. In Thrust 1, this project will exploit new adversarial attacks on deep neural network systems, featuring the design of an algorithm-hardware collaborative backdoor attack. Then in Thrust 2, it will develop methodologies that incorporate the hardware aspect into defense for enhancing adversarial robustness against vulnerabilities in the untrusted semiconductor supply chain. Subsequently, in Thrust 3, this project will develop novel signature embedding frameworks to protect the integrity of deep neural network models in the untrusted model building supply chain and finally in Thrust 4, it will model recovery strategies as an innovative approach to mitigate hardware-oriented fault attacks in the untrusted user-space.This project will yield novel methodologies for ensuring trust in AI systems from both the algorithm and hardware perspectives to meet the future needs of commercial products and national defense. In addition, it will catalyze advances in emerging AI applications across a broad range of sectors, including healthcare, autonomous vehicles, and Internet of things (IoT), triggering widespread implementation of AI in mobile and edge devices. New theories and techniques developed in this project will be integrated into undergraduate and graduate education and used to raise public awareness and promote understanding of the importance of AI security.Data, code and results generated in this project will be stored when appropriate in the research database managed by the Holcombe Department of Electrical and Computer Engineering at Clemson University. All data will be retained for at least five years after the end of this project or at least five years after publications, whichever is later. Longer periods will apply when questions arise from inquiries or investigations with respect to research. The project repository will be maintained under http://ylao.people.clemson.edu/hardware_AI_securityThis award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在许多应用中，人工智能（AI）最近接近甚至超过了人类水平的表现。但是，在模型生命周期的各个阶段中，成功的AI成功部署需要足够的鲁棒性来抵抗对抗性攻击。尽管在增强AI算法的鲁棒性方面取得了很多进展，但缺乏对面向硬件的漏洞和对策的系统研究，这也使对AI安全教育的需求开辟了需求。鉴于这种紧迫的需求，该项目旨在探索新颖的面向硬件的对抗性AI概念，并制定基本的防御策略，以防止这种脆弱性保护下一代AI系统。该项目有四个推力。在推力1中，该项目将利用对深神经网络系统的新对抗性攻击，其设计是算法 - 硬件协作后门攻击的设计。然后，在推力2中，它将开发方法，将硬件方面纳入防御，以增强对不受信任的半导体供应链中脆弱性的对抗性鲁棒性。随后，在推力3中，该项目将开发新颖的签名嵌入框架，以保护不信任的模型建筑供应链中深度神经网络模型的完整性，并最终将恢复策略模拟为一种创新的方法，以减轻针对硬件的攻击的创新方法，在不受信任的用户方面遇到新的方法，以实现这一目标。商业产品和国防的未来需求。此外，它将催化在包括医疗保健，自动驾驶汽车和物联网（IoT）在内的广泛领域的AI应用程序中的进步，从而在移动和边缘设备中触发了AI的广泛实现。该项目中开发的新理论和技术将集成到本科和研究生教育中，并用来提高公众意识，并促进对AI Security的重要性的理解。DATA，该项目生成的代码和结果将在Clemson大学电气和计算机工程部门管理的研究数据库中存储。所有数据将在该项目结束后至少保留五年，或者在发布后至少五年（以较晚者为准）保留。当有关研究的询问或调查引起问题时，将适用更长的时期。该项目存储库将根据http://ylao.people.clemson.edu/hardware_ai_securitythis Award颁发反映NSF的法定任务，并被认为是通过基金会的知识分子优点和更广泛的影响审查标准来评估的。

项目成果

Genetic-based Joint Dynamic Pruning and Learning Algorithm to Boost DNN Performance

• DOI: 10.1109/icpr56361.2022.9956310
• 发表时间: 2022-08
• 期刊: 2022 26th International Conference on Pattern Recognition (ICPR)
• 作者: Azadeh Famili;Yingjie Lao

NNTesting: Neural Network Fault Attacks Detection Using Gradient-Based Test Vector Generation

• DOI: 10.1109/dac56929.2023.10247885
• 发表时间: 2023-07
• 期刊: 2023 60th ACM/IEEE Design Automation Conference (DAC)
• 作者: Antian Wang;Bingyin Zhao;Weihang Tan;Yingjie Lao

Towards Class-Oriented Poisoning Attacks Against Neural Networks

• DOI: 10.1109/wacv51458.2022.00230
• 发表时间: 2020-07
• 期刊: 2022 IEEE/CVF Winter Conference on Applications of Computer Vision (WACV)
• 作者: Bingyin Zhao;Yingjie Lao

In Pursuit of Preserving the Fidelity of Adversarial Images

追求保持对抗性图像的保真度

• DOI: 10.1109/icassp43922.2022.9747529
• 发表时间: 2022
• 期刊: Speech and Signal Processing (ICASSP
• 作者: Clements, Joseph;Lao, Yingjie
• 通讯作者: Lao, Yingjie

Data-Driven Feature Selection Framework for Approximate Circuit Design

• DOI: 10.1109/tcad.2023.3260160
• 发表时间: 2023-11
• 期刊: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
• 影响因子: 2.9
• 作者: Bingyin Zhao;Ling Qiu;Yingjie Lao