ISBN: (Print) 9781538670996
Recently, Deep Learning (DL), especially the Convolutional Neural Network (CNN), has developed rapidly and been applied to many tasks, such as image classification, face recognition, image segmentation, and human detection. Due to their superior performance, DL-based models have a wide range of applications in many areas, some of which are extremely safety-critical, e.g. intelligent surveillance and autonomous driving. Due to the latency and privacy problems of cloud computing, embedded accelerators are popular in these safety-critical areas. However, the robustness of the embedded DL system might be harmed by inserting hardware/software Trojans into the accelerator and the neural network model, since the accelerator and deploy tool (or neural network model) are usually provided by third-party companies. Fortunately, inserting hardware Trojans can only achieve inflexible attacks, which means that hardware Trojans can easily break down the whole system or exchange two outputs, but can't make a CNN recognize unknown pictures as targets. Though inserting software Trojans allows more freedom of attack, it often requires tampering with input images, which is not easy for attackers. So, in this paper, we propose a hardware-software collaborative attack framework to inject hidden neural network Trojans, which works as a back-door without requiring manipulation of input images and is flexible for different scenarios. We test our attack framework on image classification and face recognition tasks, and get attack success rates of 92.6% and 100% on CIFAR10 and YouTube Faces, respectively, while keeping almost the same accuracy as the unattacked model in the normal mode. In addition, we show a specific attack scenario in which a face recognition system is attacked and gives a specific wrong answer.
ISBN: (Print) 9781479970612
In the field of approximate nearest neighbor (ANN) search, few of the existing approaches are tailored for video applications. The Ring Intersection Approximate Nearest Neighbor (RIANN) is the first ANN search algorithm for videos. It achieves real-time performance by performing the ANN search on a sparse grid and interpolating the others. For some applications, dense ANN search is needed to ensure the searching accuracy. To achieve dense ANN search in real-time, we consider parallel computing as a solution. However, the RIANN algorithm is not suitable for parallel computing as the algorithm itself suffers from bad thread coherency. In this paper, we propose the Sphere Ring Intersection Approximate Nearest Neighbor (SRIANN), which solves the problem of bad thread coherency and improves the accuracy of ANN search compared to the original RIANN method. The experimental results show that the proposed method is the only one able to perform dense ANN search for CIF videos in real-time.
ISBN: (Print) 9781538674796
The predictability of non-functional execution qualities is of utmost importance for the successful introduction of multi-core architectures in embedded systems requiring guarantees rather than best-effort behavior. Due to the exclusive utilization of claimed resources, invasive computing provides isolation of applications on multi-core systems. This provides composability that allows individual applications to be characterized and analyzed statically and independently of others. In this paper, we demonstrate the principles of this resource-aware computing paradigm as an enabler for predictability of multiple non-functional properties, i.e., timing and reliability, applied to a cyber-physical system. In particular, we present the application and multi-processor implementation of a reliable and time-predictable acceleration of object detection algorithms for hard real-time control of an inverted pendulum.