The proliferation of AI technology gives rise to a variety of security threats, which significantly compromise the confidentiality and integrity of AI models and applications. Existing software-based solutions mainly target one specific attack and must be integrated into the models themselves, which makes them less practical. We design UniGuard, a novel unified and non-intrusive detection methodology to safeguard FPGA-based AI accelerators. The core idea of UniGuard is to harness the power side-channel information generated during model inference to spot any anomaly. We employ a Time-to-Digital Converter (TDC) to capture power fluctuations and train a supervised machine learning model to identify various types of threats. Evaluations demonstrate that UniGuard can achieve 94.0% attack detection accuracy, with high generalization to unknown or adaptive attacks and robustness against varied configurations (e.g., sensor frequency and location).