Runtime Fault Injection Detection for FPGA-based DNN Execution Using Siamese Path Verification
Xianglong Fenga, Mengmei Yeb, Ke Xiac and Sheng Weid
Department of Electrical and Computer Engineering Rutgers University, Piscataway, NJ, USA
axianglong.feng@rutgers.edu
bmengmei.ye@rutgers.edu
cke.xia@rutgers.edu
dsheng.wei@rutgers.edu
ABSTRACT
Deep neural networks (DNNs) have been deployed on FPGAs to achieve improved performance, power efficiency, and design flexibility. However, the FPGA-based DNNs are vulnerable to fault injection attacks that aim to compromise the original functionality. The existing defense methods either duplicate the models and check the consistency of the results at runtime, or strengthen the robustness of the models by adding additional neurons. However, these existing methods could introduce huge overhead or require retraining the models. In this paper, we develop a runtime verification method, namely Siamese path verification (SPV), to detect fault injection attacks for FPGAbased DNN execution. By leveraging the computing features of the DNN and designing the weight parameters, SPV adds neurons to check the integrity of the model without impacting the original functionality and, therefore, model retraining is not required. We evaluate the proposed SPV approach on Xilinx Virtex-7 FPGA using the MNIST dataset. The evaluation results show that SPV achieves the security goal with low overhead.