On the Intrinsic Robustness of NVM Crossbars against Adversarial Attacks
Time: Wednesday, December 8th, 1:30pm - 2:00pm PST
Hardware Security: Attack and Defense
Description: Non-volatile memory (NVM) based crossbars promise fast and energy-efficient in-situ matrix-vector multiplications (MVM). However, the analog nature of computing in these NVM crossbars introduces approximations in the MVM operations. In this paper, we study the impact of these non-idealities on the performance of DNNs under adversarial circumstances. When the attacker crafts adversarial images without knowledge of the underlying analog hardware, we observe a varying degree of intrinsic robustness against both black-box and white-box attacks. We also demonstrate "Hardware-in-Loop" adaptive attacks that circumvent this robustness by utilizing knowledge of the NVM model.