Back to Search Start Over

DetectX—Adversarial Input Detection Using Current Signatures in Memristive XBar Arrays.

Authors :
Moitra, Abhishek
Panda, Priyadarshini
Source :
IEEE Transactions on Circuits & Systems. Part I: Regular Papers. Nov2021, Vol. 68 Issue 11, p4482-4494. 13p.
Publication Year :
2021

Abstract

Adversarial input detection has emerged as a prominent technique to harden Deep Neural Networks (DNNs) against adversarial attacks. Most prior works use neural network-based detectors or complex statistical analysis for adversarial detection. These approaches are computationally intensive and vulnerable to adversarial attacks. To this end, we propose DetectX—A hardware friendly adversarial detection mechanism using hardware signatures like Sum of column Currents (SoI) in memristive crossbars (XBar). We show that adversarial inputs have higher SoI compared to clean inputs. However, the difference is too small for reliable adversarial detection. Hence, we propose a dual-phase training methodology: Phase1 training is geared towards increasing the separation between clean and adversarial SoIs; Phase2 training improves the overall robustness against different strengths of adversarial attacks. For hardware-based adversarial detection, we implement the DetectX module using 32 nm CMOS circuits and integrate it with a Neurosim-like analog crossbar architecture. We perform hardware evaluation of the Neurosim+DetectX system on the Neurosim platform using datasets-CIFAR10(VGG8), CIFAR100(VGG16) and TinyImagenet(ResNet18). Our experiments show that DetectX is 10x-25x more energy efficient and immune to dynamic adversarial attacks compared to previous state-of-the-art works. Moreover, we achieve high detection performance (ROC-AUC>0.95) for strong white-box and black-box attacks. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
15498328
Volume :
68
Issue :
11
Database :
Academic Search Index
Journal :
IEEE Transactions on Circuits & Systems. Part I: Regular Papers
Publication Type :
Periodical
Accession number :
153763198
Full Text :
https://doi.org/10.1109/TCSI.2021.3110487