Improving Neural Network Fault Tolerance Against Weight Attack

Abstract

The increase of neural networks used in mission-critical applications requires protecting model parameters to maintain correct inferences. While traditional threats like adversarial inputs have been well-studied, recent research in neural network security has explored attacking model weights to degrade prediction accuracy. Many studies focused on developing fault detection methods, and few recovery strategies have been offered. This work proposes combining neural compression technique with modular redundancy to enhance model parameters' fault tolerance against adversarial bit-flips at runtime. The fault tolerance improvement of the proposed method is demonstrated with two model architectures and two datasets. Further, a field programmable gate array realization of the scheme has been implemented to demonstrate a hardware proof of concept.