A Hybrid Sparse-dense Defensive DNN Accelerator Architecture against Adversarial Example Attacks

IF 4.6 Q2 MATERIALS SCIENCE, BIOMATERIALS

ACS Applied Bio Materials Pub Date : 2024-07-09 DOI:10.1145/3677318

Xingbin Wang, Boyan Zhao, Yulan Su, Sisi Zhang, Fengkai Yuan, Jun Zhang, Dan Meng, Rui Hou

{"title":"A Hybrid Sparse-dense Defensive DNN Accelerator Architecture against Adversarial Example Attacks","authors":"Xingbin Wang, Boyan Zhao, Yulan Su, Sisi Zhang, Fengkai Yuan, Jun Zhang, Dan Meng, Rui Hou","doi":"10.1145/3677318","DOIUrl":null,"url":null,"abstract":"\n Understanding how to defend against adversarial attacks is crucial for ensuring the safety and reliability of these systems in real-world applications. Various adversarial defense methods are proposed, which aim to improve the robustness of neural networks against adversarial attacks by changing the model structure, adding detection networks, and adversarial purification network. However, deploying adversarial defense methods in existing DNN accelerators or defensive accelerators leads to many key issues. To address these challenges, this paper proposes\n sDNNGuard\n , an elastic heterogeneous DNN accelerator architecture that can efficiently orchestrate the simultaneous execution of original (\n target\n ) DNN networks and the\n detect\n algorithm or network. It not only supports for dense DNN detect algorithms, but also allows for sparse DNN defense methods and other mixed dense-sparse (e.g., dense-dense and sparse-dense) workloads to fully exploit the benefits of sparsity. sDNNGuard with a CPU core also supports the non-DNN computing and allows the special layer of the neural network, and used for the conversion for sparse storage format for weights and activation values. To reduce off-chip traffic and improve resources utilization, a new hardware abstraction with elastic on-chip buffer/computing resource management is proposed to achieve dynamical resource scheduling mechanism. We propose an\n extended AI instruction set\n for neural networks synchronization, task scheduling and efficient data interaction. Experiment results show that sDNNGuard can effectively validate the legitimacy of the input samples in parallel with the target DNN model, achieving an average 1.42 × speedup compared with the state-of-the-art accelerators.\n","PeriodicalId":2,"journal":{"name":"ACS Applied Bio Materials","volume":"41 16","pages":""},"PeriodicalIF":4.6000,"publicationDate":"2024-07-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACS Applied Bio Materials","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3677318","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"MATERIALS SCIENCE, BIOMATERIALS","Score":null,"Total":0}

引用次数: 0

Abstract

Understanding how to defend against adversarial attacks is crucial for ensuring the safety and reliability of these systems in real-world applications. Various adversarial defense methods are proposed, which aim to improve the robustness of neural networks against adversarial attacks by changing the model structure, adding detection networks, and adversarial purification network. However, deploying adversarial defense methods in existing DNN accelerators or defensive accelerators leads to many key issues. To address these challenges, this paper proposes sDNNGuard , an elastic heterogeneous DNN accelerator architecture that can efficiently orchestrate the simultaneous execution of original ( target ) DNN networks and the detect algorithm or network. It not only supports for dense DNN detect algorithms, but also allows for sparse DNN defense methods and other mixed dense-sparse (e.g., dense-dense and sparse-dense) workloads to fully exploit the benefits of sparsity. sDNNGuard with a CPU core also supports the non-DNN computing and allows the special layer of the neural network, and used for the conversion for sparse storage format for weights and activation values. To reduce off-chip traffic and improve resources utilization, a new hardware abstraction with elastic on-chip buffer/computing resource management is proposed to achieve dynamical resource scheduling mechanism. We propose an extended AI instruction set for neural networks synchronization, task scheduling and efficient data interaction. Experiment results show that sDNNGuard can effectively validate the legitimacy of the input samples in parallel with the target DNN model, achieving an average 1.42 × speedup compared with the state-of-the-art accelerators.

查看原文本刊更多论文

针对对抗性示例攻击的稀疏-密集混合防御 DNN 加速体系结构

了解如何抵御对抗性攻击对于确保这些系统在实际应用中的安全性和可靠性至关重要。人们提出了各种对抗性防御方法，旨在通过改变模型结构、添加检测网络和对抗性净化网络来提高神经网络对抗对抗性攻击的鲁棒性。然而，在现有的 DNN 加速器或防御型加速器中部署对抗性防御方法会导致许多关键问题。为了应对这些挑战，本文提出了一种弹性异构 DNN 加速器架构 sDNNGuard，它可以高效地协调原始（目标）DNN 网络和检测算法或网络的同时执行。它不仅支持密集 DNN 检测算法，还支持稀疏 DNN 防御方法和其他密稀混合（如密集-密集和稀疏-密集）工作负载，以充分发挥稀疏性的优势。sDNNGuard 的 CPU 内核还支持非 DNN 计算，允许神经网络的特殊层，并用于权重和激活值的稀疏存储格式转换。为了减少片外流量并提高资源利用率，我们提出了一种具有弹性片上缓冲区/计算资源管理的新硬件抽象，以实现动态资源调度机制。我们为神经网络同步、任务调度和高效数据交互提出了一个扩展的人工智能指令集。实验结果表明，sDNNGuard 可以与目标 DNN 模型并行有效地验证输入样本的合法性，与最先进的加速器相比平均提速 1.42 倍。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACS Applied Bio Materials Chemistry-Chemistry (all)

CiteScore

9.40

自引率

2.10%

发文量

464

期刊介绍： ACS Applied Bio Materials is an interdisciplinary journal publishing original research covering all aspects of biomaterials and biointerfaces including and beyond the traditional biosensing, biomedical and therapeutic applications. The journal is devoted to reports of new and original experimental and theoretical research of an applied nature that integrates knowledge in the areas of materials, engineering, physics, bioscience, and chemistry into important bio applications. The journal is specifically interested in work that addresses the relationship between structure and function and assesses the stability and degradation of materials under relevant environmental and biological conditions.