LG, Jul 6, 2022

Enhancing Adversarial Attacks on Single-Layer NVM Crossbar-Based Neural Networks with Power Consumption Information

arXiv:2207.02764v12 citations, h-index: 14
Originality: Incremental advance
AI Analysis

This work addresses security risks for mission-critical autonomous systems by exploiting hardware-level vulnerabilities, but it is incremental because it builds on existing adversarial attack methods.

The paper examines the vulnerability of single-layer neural networks on non-volatile memory crossbars, using power consumption information to enhance adversarial attacks. Experiments with the MNIST and CIFAR-10 datasets show improved attack efficiency.

Adversarial attacks on state-of-the-art machine learning models pose a significant threat to the safety and security of mission-critical autonomous systems. This paper considers the additional vulnerability of machine learning models when attackers can measure the power consumption of their underlying hardware platform. In particular, we explore the utility of power consumption information for adversarial attacks on non-volatile memory crossbar-based single-layer neural networks. Our results from experiments with MNIST and CIFAR-10 datasets show that power consumption can reveal important information about the neural network's weight matrix, such as the 1-norm of its columns. That information can be used to infer the sensitivity of the network's loss with respect to different inputs. We also find that surrogate-based black box attacks that utilize crossbar power information can lead to improved attack efficiency.
