Design and Implementation of a Robust Machine Learning Hardware Accelerator with Adversarial Fault Attack Countermeasures

Implementing Organization

Indian Institute of Science
Principal Investigator
Dr. Utsav Banerjee
Indian Institute of Science

About

Neural network hardware accelerators are becoming increasingly popular because they execute complex machine learning training and inference tasks efficiently, which makes them essential for many applications, including autonomous vehicles, robotics, and healthcare. However, these accelerators are vulnerable to various adversarial attacks, including fault attacks, which can compromise their security and integrity. For example, an attacker could modify the weights and/or activations of a neural network using bit flips, causing the network to misclassify inputs, or insert a malicious hardware trojan that modifies its behaviour. Such attacks can have serious consequences, such as autonomous vehicles misidentifying traffic signs or medical equipment misdiagnosing patients. This makes the design of robust machine learning hardware accelerators that are resilient to adversarial fault attacks crucial for ensuring the safety and security of machine learning systems in domains including autonomous vehicles, medical equipment, and cybersecurity. Although software countermeasures against such adversarial fault attacks on neural network implementations have been explored, hardware-oriented techniques are yet to be implemented. Therefore, a robust machine learning hardware accelerator is proposed which can withstand these sophisticated attacks through circuit-level and architecture-level countermeasures while also maintaining performance. The proposed hardware accelerator will integrate a defender module with the traditional architecture to encrypt and decrypt the contents of off-chip DRAM while also performing error detection and correction to counter malicious data corruption in the memory. A lightweight cipher with a masking-based side-channel countermeasure will be used for the encryption / decryption.
The error correction codes will be embedded into the less significant bits of the neural network weights and activations, and the networks will be re-trained to recover accuracy. The proposed hardware accelerator will be implemented on an FPGA platform with on-board DRAM, and various standard neural networks will be evaluated on it. An extensive comparison of robustness and performance will also be made between the hardware accelerator with and without the proposed countermeasures. This will be the first comprehensive hardware demonstration of neural network acceleration with adversarial fault attack countermeasures, making a significant contribution to advancing this emerging field of research.

Source
Anusandhan National Research Foundation/Science and Engineering Research Board (SERB), DST 2023-24
Funding Organization
Science and Engineering Research Board (SERB), New Delhi
Anusandhan National Research Foundation (ANRF)
Quick Information
Area of Research
Computer Sciences and Information Technology
Focus Area
Machine Learning, Hardware Security
Start Year
2024
End Year
2026
Sanction Amount
₹ 27.83 L
Status
Ongoing
Contact
utsav@iisc.ac.in
Output
No. of Research Papers
00
Technologies (If Any)
00
No. of PhD Produced
00
No. of Patents
Filed : 00
Grant : 00