A Forward Error Compensation Approach for Fault Resilient Deep Neural Network Accelerator Design

Wenye Liu, Chip-Hong Chang
Published in: Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security, 2021-11-15
DOI: 10.1145/3474376.3487281 (https://doi.org/10.1145/3474376.3487281)
Citations: 1

Abstract

Deep learning accelerator is a key enabler of a variety of safety-critical applications such as self-driving car and video surveillance. However, recently reported hardware-oriented attack vectors, e.g., fault injection attacks, have extended the threats on deployed deep neural network (DNN) systems beyond the software attack boundary by input data perturbation. Existing fault mitigation schemes including data masking, zeroing-on-error and circuit level time-borrowing techniques exploit the noise-tolerance of neural network models to resist random and sparse errors. Such noise tolerant-based schemes are not sufficiently effective to suppress intensive transient errors if a DNN accelerator is blasted with malicious and deliberate faults. In this paper, we conduct comprehensive investigations on reported resilient designs and propose a more robust countermeasure to fault injection attacks. The proposed design utilizes shadow flip flops for error detection and lightweight circuit for timely error correction. Our forward error compensation scheme rectifies the incorrect partial sum of the multiply-accumulation operation by estimating the difference between the correct and error-inflicted computation. The difference is added back to the final accumulated result at a later cycle without stalling the execution pipeline. We implemented our proposed design and the existing fault-mitigation schemes on the same Intel FPGA-based DNN accelerator to demonstrate its substantially enhanced resiliency against deliberate fault attacks on two popular DNN models, ResNet50 and VGG16, trained with ImageNet.