LG AI CR CV
Jan 30, 2024

Detection and Recovery Against Deep Neural Network Fault Injection Attacks Based on Contrastive Learning

arXiv:2401.16766v13 citations
h-index: 11
Originality: Incremental advance
AI Analysis

The work addresses security vulnerabilities in DNN inference engines for applications requiring reliable AI systems, but it is incremental because it builds on existing contrastive learning methods.

The paper tackles the problem of Fault Injection Attacks (FIAs) on Deep Neural Networks by introducing a Contrastive Learning-based framework for detection and recovery, achieving promising effectiveness on the CIFAR-10 dataset with real-time detection and fast recovery using minimal testing data.

Deep Neural Network (DNN) models, when implemented on executing devices as inference engines, are susceptible to Fault Injection Attacks (FIAs) that manipulate model parameters to disrupt inference execution with disastrous performance. This work introduces Contrastive Learning (CL) of visual representations, i.e., a self-supervised learning approach, into the deep learning training and inference pipeline to implement DNN inference engines with self-resilience under FIAs. Our proposed CL-based FIA Detection and Recovery (CFDR) framework features (i) real-time detection with only a single batch of testing data and (ii) fast recovery effective even with only a small amount of unlabeled testing data. Evaluated with the CIFAR-10 dataset on multiple types of FIAs, our CFDR shows promising detection and recovery effectiveness.
