Collaborative Research: SHF: Medium: Approximate Computing for Machine Learning Security: Foundations and Accelerator Design

协作研究：SHF：媒介：机器学习安全的近似计算：基础和加速器设计

• 批准号: 2212427
• 负责人: Khaled Khasawneh
• 金额: $ 40万
• 依托单位: George Mason University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-08-01 至 2026-07-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2212427&HistoricalAwards=false
• 关键词: Collaborative; Research; SHF; Medium; Approximate

Deep Neural Networks (DNNs) are achieving state-of-the-art performance on a large and expanding number of application domains. However, one of the threats to their wide-scale deployment is vulnerability to adversarial machine learning attacks, where an adversary injects small perturbations to the input data that cause the DNN to misclassify, with potentially dangerous outcomes (for example, mistaking a stop sign for a speed limit sign). In this project, the researchers will explore how building DNNs with approximate computing elements improves their robustness to these adversarial attacks. Approximate computing is a technique to build computing elements that are simpler (and therefore higher performing and more sustainable) but do not compute the exact result of an operation. The investigators will explore how to select approximate computing elements and use them in building sustainable DNN accelerators that balance performance, accuracy, and security.The proposal's expected contributions include developing new insights into the relationship between approximation and robustness of DNNs. The project will explore what types of approximation techniques result in effective DNNs that balance accuracy, performance, sustainability, and protection against adversarial attacks and develop optimization frameworks that can find optimal operating points along these dimensions. It will also explore how to build new approximate computing elements specifically targeted toward this application. The project will use these findings to build sustainable, performant, and accurate DNN accelerators. The project will also explore other approximate computing-based techniques to protect against other types of attacks threatening the security and privacy of DNNs, as well as for different deep neural network learning structures. The project is expected to have significant impacts on security, sustainability, and accuracy of machine learning models. The research team will share all of the byproducts of the research with the research community. The project will train graduate and undergraduate students. The investigators will develop new educational material for use in machine learning, computer architecture, and computer security classes.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

深度神经网络（DNNS）正在在大量且不断扩大的应用域上实现最先进的性能。 但是，对其大规模部署的威胁之一是对对抗机器学习攻击的脆弱性，在这种情况下，对手向输入数据注入小小的扰动，这会导致DNN错误分类，并具有潜在的危险结果（例如，将停止符号误以为是速度限制符号）。 在这个项目中，研究人员将探讨使用近似计算元素的构建DNN如何改善其对这些对抗性攻击的稳健性。 近似计算是一种构建更简单的计算元素（因此性能更高，更可持续）但没有计算操作的确切结果的技术。 研究人员将探索如何选择近似计算元素，并将其用于构建可持续的DNN加速器，以平衡性能，准确性和安全性。该提案的预期贡献包括对DNN的近似和稳健性之间的关系开发新的见解。 该项目将探索哪种类型的近似技术会导致有效的DNN，以平衡准确性，性能，可持续性和防止对抗性攻击的保护，并开发可以在这些维度上找到最佳操作点的优化框架。 它还将探讨如何构建针对此应用程序的专门针对的新的近似计算元素。 该项目将使用这些发现来建立可持续，性能和准确的DNN加速器。 该项目还将探索其他基于计算的技术，以防止其他类型的攻击威胁DNN的安全性和隐私以及不同的深神经网络学习结构。 预计该项目将对机器学习模型的安全性，可持续性和准确性产生重大影响。 研究团队将与研究界分享研究的所有副产品。 该项目将培训毕业生和本科生。 调查人员将开发新的教育材料，用于机器学习，计算机架构和计算机安全课程。该奖项反映了NSF的法定任务，并被认为是使用基金会的知识分子优点和更广泛的影响评估标准的评估值得支持的。

项目成果

A Brain-inspired Approach for Malware Detection using Sub-semantic Hardware Features

使用子语义硬件功能检测恶意软件的受大脑启发的方法

• DOI: 10.1145/3583781.3590293
• 发表时间: 2023
• 期刊: Proceedings Great Lakes Symposium on VLSI
• 作者: Parsa, Maryam;Khasawneh, Khaled N.;Alouani, Ihsen
• 通讯作者: Alouani, Ihsen

SecureVolt: Enhancing Deep Neural Networks Security via Undervolting

• DOI: 10.1109/tcad.2023.3296379
• 发表时间: 2023-12
• 期刊: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
• 影响因子: 2.9
• 作者: Md. Shohidul Islam;Ihsen Alouani;Khaled N. Khasawneh

VPP: Privacy Preserving Machine Learning via Undervolting

VPP：通过欠压保护隐私的机器学习

• DOI: 10.1109/host55118.2023.10133266
• 发表时间: 2023
• 期刊: IEEE International Symposium on Hardware Oriented Security and Trust (HOST
• 作者: Islam, Md Shohidul;Omidi, Behnam;Alouani, Ihsen;Khasawneh, Khaled N.
• 通讯作者: Khasawneh, Khaled N.

Stochastic-HMDs: Adversarial-Resilient Hardware Malware Detectors via Undervolting

随机 HMD：通过欠压实现对抗性弹性硬件恶意软件检测器

• 发表时间: 2023
• 期刊: Proceedings ACM IEEE Design Automation Conference
• 作者: Islam, Md Shohidul;Alouani, Ihsen;Khasawneh, Khaled N.
• 通讯作者: Khasawneh, Khaled N.