Efficiency-driven Hardware Optimization for Adversarially Robust Neural Networks

With a growing need to enable intelligence in embedded devices in the Internet of Things (IoT) era, secure hardware implementation of Deep Neural Networks (DNNs) has become imperative. We will focus on how to address adversarial robustness for DNNs through efficiency-driven hardware optimizations. Since memory (specifically, dot-product operations) is a key energy-spending component for DNNs, hardware approaches in the past have focused on optimizing the memory. One such approach is approximate digital CMOS memories with hybrid 6T-8T SRAM cells that enable supply voltage (Vdd) scaling yielding low-power operation, without significantly affecting the performance due to read/write failures incurred in the 6T cells. In this paper, we show how the bit-errors in the 6T cells of hybrid 6T-8T memories minimize the adversarial perturbations in a DNN. Essentially, we find that for different configurations of 8T-6T ratios and scaledVdd operation, noise incurred in the hybrid memory architectures is bound within specific limits. This hardware noise can potentially interfere in the creation of adversarial attacks in DNNs yielding robustness. Another memory optimization approach involves using analog memristive crossbars that perform Matrix-Vector-Multiplications (MVMs) efficiently with low energy and area requirements. However, crossbars generally suffer from intrinsic non-idealities that cause errors in performing MVMs, leading to degradation in the accuracy of the DNNs. We will show how the intrinsic hardware variations manifested through crossbar non-idealities yield adversarial robustness to the mapped DNNs without any additional optimization.

翻译：随着人们日益需要在互联网“事物”时代的嵌入装置中提供情报,确保深神经网络(DNN)的安全硬件实施已成为当务之急。我们将侧重于如何通过效率驱动的硬件优化解决DNN的对抗性强性。由于内存(特别是点产品操作)是DNN公司的关键能量消耗组成部分,过去硬件方法的重点是优化记忆。其中一种方法是将数字CMOS记忆与混合的 6T-8T 内向性内向性内向性软细胞相近,使供应压压(Vddd) 递增低功率的低功率动作,而不会显著影响6T细胞的读写/写失败导致DNNNW的性能。在本文件中,我们展示了6T 混合 6T-8T 记忆的六T 细胞中的比特剂是如何尽量减少DNNNN的对抗性触动的。基本上,我们发现对于8T-6T的低比率和规模的VDRM操作的不同配置,混合记忆结构中产生的噪音如何在特定的限度内进行。这种硬件噪音可能干扰了因6TMR-MRM 进行稳性内压的内向内压的内压的内压,使DMRM的内向的内压的内压使DM的内向内向内向性冲冲冲冲冲冲冲压。