CANCELLED: Leveraging Noise and Aggressive Quantization of In-Memory Computing for Robustness Improvement of DNN Hardware Against Adversarial Input and Weight Attacks
TimeWednesday, December 8th2:30pm - 3:00pm PST
Event Type
Research Manuscript
Virtual Programs
Presented In-Person
Hardware Security: Attack and Defense
DescriptionIn-memory computing (IMC) substantially improves the energy-efficiency of deep neural network (DNNs) hardware by activating many rows together and performing analog computing. The noisy analog IMC can be leveraged for enhancing adversarial robustness. We present a new DNN training scheme that integrates measured IMC noise and aggressive partial-sum quantization at IMC crossbar. We show that this effectively improves the robustness of IMC DNN hardware against adversarial attacks on DNN input image and bit-flip attacks on DNN weights. DNN robustness accuracy improvements of up to 10% are obtained, compared to conventionally inferred DNNs, for black-box adversarial input and adversarial weight attacks.