CN114547966A - Neural network accelerator fault vulnerability assessment method based on hardware characteristic information - Google Patents

Neural network accelerator fault vulnerability assessment method based on hardware characteristic information Download PDF

Info

Publication number
CN114547966A
CN114547966A CN202210022402.6A CN202210022402A CN114547966A CN 114547966 A CN114547966 A CN 114547966A CN 202210022402 A CN202210022402 A CN 202210022402A CN 114547966 A CN114547966 A CN 114547966A
Authority
CN
China
Prior art keywords
fault
neural network
hardware
vulnerability
distribution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210022402.6A
Other languages
Chinese (zh)
Inventor
张帆
宣博瀚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University ZJU filed Critical Zhejiang University ZJU
Priority to CN202210022402.6A priority Critical patent/CN114547966A/en
Publication of CN114547966A publication Critical patent/CN114547966A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/20Design optimisation, verification or simulation
    • G06F30/27Design optimisation, verification or simulation using machine learning, e.g. artificial intelligence, neural networks, support vector machines [SVM] or training a model
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2415Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/047Probabilistic or stochastic networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/06Physical realisation, i.e. hardware implementation of neural networks, neurons or parts of neurons
    • G06N3/063Physical realisation, i.e. hardware implementation of neural networks, neurons or parts of neurons using electronic means
    • G06N3/065Analogue means
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2111/00Details relating to CAD techniques
    • G06F2111/08Probabilistic or stochastic CAD
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2119/00Details relating to the type or aim of the analysis or the optimisation
    • G06F2119/02Reliability analysis or reliability optimisation; Failure analysis, e.g. worst case scenario performance, failure mode and effects analysis [FMEA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • General Engineering & Computer Science (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computational Linguistics (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Biology (AREA)
  • Neurology (AREA)
  • Medical Informatics (AREA)
  • Computer Hardware Design (AREA)
  • Geometry (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a neural network accelerator fault vulnerability assessment method based on hardware characteristic information, which comprises the following steps: extracting hardware information characteristics of a neural network running on a hardware accelerator, wherein the information characteristics comprise characteristics of the neural network under a normal running condition and information characteristics of the neural network when the neural network is subjected to fault attack; the extracted information characteristics are utilized to model fault attack, the influence of faults on an actual neural network hardware accelerator is predicted by a fault distribution simulation and fault probability simulation method, and the vulnerability of the neural network in the face of the fault attack is judged by a interlaminar search method. The invention improves the existing hardware fault vulnerability evaluation framework, optimizes the fine granularity and simultaneously improves the fault simulation accuracy by a software and hardware integrated verification method. The improved method has a good effect in evaluating common hardware fault attacks, and has a certain application value in the field of hardware fault evaluation.

Description

Neural network accelerator fault vulnerability assessment method based on hardware characteristic information
Technical Field
The invention belongs to the field of hardware fault safety evaluation and the like, and particularly relates to a neural network accelerator fault vulnerability evaluation method based on hardware characteristic information.
Background
Deep learning provides support for a wide variety of edge devices, and the widespread use of neural network hardware accelerators has raised concerns about their safety and robustness. Although Deep Neural Network (DNN) models have evolved in prediction beyond humans, their predicted behavior involves complex training processes and adaptation to a large number of weight parameters, which makes the computation of Neural networks unexplainable. When errors occur in the calculation of the DNN model deployed on hardware (e.g., FPGA, ASIC, etc.), whether artificial or naturally occurring, the reasoning process of the neural network is disrupted. This makes the fault tolerance of different DNN models a topic of much interest and debate in recent years.
Fault injection attacks are one of the main methods that cause errors in neural network hardware accelerators. Various fault attacks, such as laser injection, temperature variations, electromagnetic injection, and Rowhammer, can affect circuit operation in a neural network from various levels. At present, most of the existing deep learning fault attacks focus on the fields of model parameter (weights) operation, activation function (activation function) modification and the like. In order to evaluate the robustness of the DNN model under a fault, the existing fault vulnerability evaluation for the neural network can be mainly divided into two categories, namely fault injection simulation and fault space exploration, including: a fault location analysis method based on white box testing; and researching the propagation, controllability, observability and the like of the hardware fault in data paths and memories of different hardware devices and architectures.
Although these conventional hardware fault evaluation schemes differ in search and location strategies, the fault models in most evaluation frameworks are relatively simple and assume that the errors caused by hardware faults are evenly distributed in the neural network. This simplistic assumption is likely to not match the actual fault attack scenario on the DNN hardware, resulting in less accurate results given by these evaluation schemes. In addition, most of the current fault evaluation schemes evaluate the overall robustness of the network aiming at the whole neural network, and the verification work of the layer-by-layer robustness of the network is less.
Disclosure of Invention
The invention aims to provide a neural network accelerator fault vulnerability assessment method based on hardware characteristic information, aiming at the defects that a fault assessment framework of a neural network hardware accelerator in the prior art is simple in fault model and severe in software and hardware part fracture. According to the invention, certain information characteristics in the attacked hardware neural network are extracted and input into the software model, so that a software and hardware integrated closed-loop evaluation framework is constructed, the accuracy of vulnerability evaluation of the hardware neural network is improved, and meanwhile, the fine granularity of evaluation is optimized through interlaminar search.
The purpose of the invention is realized by the following technical scheme: a neural network accelerator fault vulnerability assessment method based on hardware characteristic information comprises the following steps:
1) extracting hardware characteristic information of a neural network to be evaluated;
firstly, an original target neural network is deployed in a hardware accelerator, and a batch of Data is inputinputThe target neural network completes a complete reasoning process once and obtains a final result, and an intermediate value result R of the neural network operation in the hardware memory is extractedpristineThe prediction accuracy Acc of the network to the datapristine
Then, inputting the same batch of data again, injecting faults into the hardware accelerator, enabling the target neural network to complete a complete reasoning process and obtain a final result, and extracting an intermediate value result R of neural network operation in the hardware memoryfault
2) Fault behavior modeling;
utilizing the extracted hardware characteristic information R before and after the hardware fault injectionpristine,AccpristineAnd RfaultModeling the behavior characteristics of the fault, the modeling includingFault distribution simulation and fault probability simulation.
And deducing the distribution condition of the damaged data blocks in the whole memory and the damage degree of each damaged data block when the fault is injected into the internal calculation process of the neural network through fault distribution simulation and fault probability simulation.
3) Evaluating vulnerability of a neural network fault;
and (3) performing vulnerability assessment on the whole neural network at a software layer, and confirming the performance reduction of each layer of the neural network when the neural network is subjected to fault attack by using a layer boundary searching method.
Specifically, for each layer in the neural network, the hardware feature information extraction and fault modeling of the steps 1) to 2) are repeated, and finally the hardware fault vulnerability model of the whole neural network is obtained.
After the model construction is completed, interlaminar vulnerability search is carried out on the neural network, and the damage classification accuracy Acc of all layers of the network in the face of fault attack is obtainedfault
Using AccpristineAnd AccfaultQuantitatively evaluating the vulnerability of each layer of the network.
Further, in step 2), for fault distribution simulation, by comparing RpristineAnd RfaultThe distribution condition of the differential data simulates the distribution effect of the damaged data block caused by hardware fault in all the intermediate value calculation results of the neural network. Two analog forms of fault distribution are proposed: scatter distribution and band distribution. Estimating proportion of damaged data in total data through the extracted hardware information characteristics:
Figure BDA0003463177210000021
wherein D isfaultIs RfaultTotal amount of damaged data in (1), DallIs RfaultThe total amount of data.
Further, in step 2), for fault distribution simulation:
in the scatter distribution, the probability of determining the occurrence of the fault data block in the total data block needs to satisfy:
Pfault=rfault (2)
in the stripe distribution, in addition to the failure probability, it is required to satisfy the requirement in the formula (2), and it is also required that N adjacent data blocks are always damaged at the same time whenever a failure data block occurs, where N is a stripe distribution coefficient which is set autonomously according to the type of hardware and the type of failure.
Further, the scattered point distribution means that the fault data are respectively scattered in the hardware memory in a point shape; striped distribution refers to clustering of faulty datasets into stripes that exist in hardware memory.
Further, in step 2):
for fault probability simulation, by comparing RpristineAnd RfaultAnd simulating the damage degree of each damaged data block data to simulate the damage probability of the data block caused by hardware fault. Specifically, the method comprises the following steps:
for RfaultCalculating the difference between each damaged data block and the original data block, and finally counting the probability of each difference:
Figure BDA0003463177210000031
Figure BDA0003463177210000032
wherein d isfault(i) Value representing the i-th corrupted data block, dpristine(i) Is represented byfault(i) The value of the corresponding original data block, diff, represents the difference between the particular corrupted data block and the original data block.
To better infer the probability of each diff, p (diff) is fitted to the Johnson's SU distribution, derived from the Johnson's SU formula, and when a certain data block is damaged, the probability of the occurrence of various differences diff is correspondingly determined.
Further, in step 2), for the fault probability simulation, the Johnson's SU formula is as follows:
Figure BDA0003463177210000033
wherein, δ is a first shape parameter, λ is a scale parameter, ξ is a position parameter, and γ is a second shape parameter.
Further, in step 3), a interlaminar vulnerability search is performed on the neural network, and the method comprises the following sub-steps:
3.1) mixing DatainputInputting the fault into a neural network, and injecting the fault into a j-th neural network target layerj
3.2) making the neural network completely run an inference process.
3.3) obtaining the damaged classification accuracy Acc of the j layer of the final networkfault,j
3.4) repeating the steps 3.1) to 3.3), and finally obtaining the damaged classification accuracy Acc of all layers of the network when facing fault attackfault
The invention has the beneficial effects that:
(1) the invention fills the blank of hardware fault vulnerability evaluation aiming at the neural network and systematic simulation and evaluation methods aiming at complex faults, and further ensures the safety of the hardware neural network accelerator;
(2) the invention provides a specific and systematic method for simulating complex hardware faults through software, and a fault distribution simulation part and a fault probability simulation part are combined, so that a fault evaluation framework is not limited to a fault model based on uniform distribution or random distribution, and the evaluation of the complex faults becomes possible;
(3) according to the whole analysis process, the invention provides the evaluation standard of the vulnerability of the neural network in the face of hardware faults, provides a systematic and complete evaluation framework and refines the fine granularity of the evaluation.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and do not limit the invention. In the drawings:
FIG. 1 is a flow chart of a method for evaluating vulnerability to failure of a neural network accelerator based on hardware characteristic information according to the present invention;
FIG. 2 is a schematic diagram of two simulation types of fault distributions according to the present invention; wherein, a is scattered point distribution, and b is strip distribution; the white data blocks represent data damaged by fault attack, and the black data blocks represent data unaffected by the fault attack;
FIG. 3 is a diagram illustrating the results of analyzing the impact of a clock glitch fault on a VGG16 neural network according to the vulnerability assessment method of the embodiment of the present invention; wherein, a is the effect of fitting the damage probability of the data block by using a Johnson's SU formula, b is the difference between the expression of the software simulation fault and the expression of the hardware fault in the actual scene, and c is the result obtained by performing interlaminar search on VGG 16.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clear, the following description of the present application will be made in detail and completely with reference to the specific embodiments and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The invention relates to a neural network accelerator fault vulnerability assessment method based on hardware characteristic information, which utilizes information characteristics extracted from a neural network hardware accelerator to model fault distribution and fault probability of hardware faults; therefore, the existing fault attack framework is improved, the simulation of complex fault injection is realized, the vulnerability of each layer of the neural network is verified through interlaminar search, and the part with higher vulnerability in the network is searched out.
As shown in fig. 1, the method comprises the steps of:
1) and extracting the characteristic information of the neural network hardware to be evaluated.
1.1) first, a raw target neural network is deployed in a hardware accelerator, and a batch of Data is inputinputCompleting a complete reasoning process by the target neural network and obtaining a final result; extracting intermediate value result R of neural network operation in hardware memorypristineAcc, the prediction accuracy of the network for this batch of datapristineAnd storing.
1.2) subsequently, re-inputting the same batch of DatainputInjecting faults into the hardware accelerator, and simultaneously completing a complete reasoning process of the target neural network to obtain a final result; extracting intermediate value result R of neural network operation in hardware memoryfaultAnd storing.
2) And (4) fault behavior modeling.
Utilizing the hardware characteristic information R extracted in the step 1) before and after the hardware fault injectionpristine、Accpristine、RfaultModeling the behavior characteristics of the fault; the modeling includes fault distribution simulation and fault probability simulation. Through the fault distribution simulation and the fault probability simulation, the distribution condition of the damaged data blocks in the whole memory and the damage degree of each damaged data block can be deduced when the fault is injected into the internal calculation process of the neural network.
2.1) for fault distribution simulation by comparing RpristineAnd RfaultThe distribution condition of the differential data can simulate the distribution effect of the damaged data block caused by hardware fault in all the intermediate value calculation results of the neural network.
As shown in fig. 2a and 2b, the simulation forms of the two fault distributions proposed by the present invention are a scatter distribution and a strip distribution; the white data blocks represent data damaged by a fault attack, and the black data blocks represent data unaffected by the fault attack. The scattered point distribution refers to that fault data are respectively dispersed in a hardware memory in a point shape, and the strip distribution refers to that the fault data are clustered into a strip shape in a centralized manner and exist in the hardware memory.
By extracted hardware informationInformation characteristics, the proportion r of damaged data in total data can be estimatedfault
Figure BDA0003463177210000051
Wherein D isfaultIs RfaultTotal amount of damaged data in (1), DallIs RfaultThe total amount of data in the data stream.
2.1.1) determining the probability P of a faulty data block occurring in a total data block in a scatter distributionfaultThe requirements are as follows:
Pfault=rfault (2)
2.1.2) in the strip distribution, besides the failure probability, the requirement in the formula (2) is satisfied, and the requirement is that every time a failure data block occurs, N adjacent data blocks are always damaged at the same time, wherein N is a strip distribution coefficient which is set independently according to the type of hardware and the type of the failure.
2.2) for fault probability simulation by comparing RpristineAnd RfaultThe damage degree of each damaged data block data can simulate the damage probability of the data block caused by hardware fault.
In particular, for RfaultCalculating the difference between each damaged data block and the original data block, and finally counting the probability P (diff) of each difference diff:
Figure BDA0003463177210000061
Figure BDA0003463177210000062
wherein d isfault(i) Value representing the i-th corrupted data block, dpristine(i) Is represented byfault(i) The value of the corresponding original data block, diff denotes the difference between a certain corrupted data block and the original data block, vfault(i) Denotes dpristine(i) And dfault(i) Is exactly d at difffault(i) The value of (c).
To better infer the probability of each diff, p (diff) is fitted to the Johnson's SU distribution, which is formulated as follows:
Figure BDA0003463177210000063
wherein, delta is a first shape parameter, lambda is a scale parameter, pi is a circumference ratio, xi is a position parameter, and gamma is a second shape parameter.
By fitting P (diff), one can deduce the likelihood of various differences diff occurring when a block is corrupted, using the Johnson's SU equation.
3) And (4) evaluating vulnerability of the neural network fault.
And (3) performing vulnerability assessment on the whole neural network at a software layer, and confirming the performance reduction of each layer of the neural network when the neural network is subjected to fault attack by using a layer boundary searching method.
Specifically, because the neural network has different structures and different parameters, the robustness shown when the neural network is attacked by a hardware fault is different from the hardware characteristic information of the neural network. Therefore, for each layer in the neural network, the hardware feature information extraction and fault modeling of the steps 1) to 2) are repeated, and finally the hardware fault vulnerability model of the whole neural network is obtained.
After the hardware fault vulnerability model is constructed, interlayer vulnerability search is carried out on the neural network, and the specific method comprises the following steps:
3.1) mixing DatainputInputting the fault into a neural network, and injecting the fault into a j-th neural network target layerj
3.2) making the neural network completely run an inference process.
3.3) obtaining the damaged classification accuracy Acc of the j layer of the final networkfault,j
3.4) repeating the steps 3.1) to 3.3), and finally obtaining the network with all layers facing fault attack(ii) impairment classification accuracy Accfault
By comparing AccpristineAnd AccfaultThe difference between them can result in the vulnerability of each layer of the network. AccpristineAnd AccfaultThe difference between the two represents the performance reduction of the neural network before and after fault injection, the vulnerability of the network can be reflected by the difference value, and the larger the difference is, the more the performance reduction is, the stronger the vulnerability is; the vulnerability was assessed by differential quantification, with positive correlation.
Examples
In order to verify the effectiveness of the neural network accelerator fault vulnerability assessment method based on hardware characteristic information, experiments are carried out. Referring to fig. 3, the target neural network is VGG16, and the fault category is clock glitch fault.
Fig. 3a shows the effect of fitting the damage probability of the data block by using the Johnson's SU formula, and it can be seen from the figure that the damage probability distribution of the actual hardware data block can be perfectly fitted by using the Johnson's SU. Fig. 3b shows the difference between the software simulation fault expression and the hardware fault expression in the actual scene, and it can be seen that the difference between most layers in the VGG16 is within 0.1, which illustrates the accuracy of the software simulation fault. Fig. 3c shows the results of the interlamination search performed on the VGG16, and it can be seen that the VGG16 has higher vulnerability at layers 1,14 and 16, and an attacker can easily destroy the performance of the network by injecting faults at these layers, and the search results verify the effectiveness of the neural network accelerator fault vulnerability assessment method based on hardware feature information extraction.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (7)

1. A neural network accelerator fault vulnerability assessment method based on hardware characteristic information is characterized by comprising the following steps:
1) extracting hardware characteristic information of a neural network to be evaluated;
firstly, a raw target neural network is deployed in a hardware accelerator, and a batch of Data is inputinputThe target neural network completes a complete reasoning process and obtains a final result, and an intermediate value result R of the neural network operation in the hardware memory is extractedpristineThe prediction accuracy Acc of the network to the datapristine
Then, inputting the same batch of data again, injecting faults into the hardware accelerator, enabling the target neural network to complete a complete reasoning process and obtain a final result, and extracting an intermediate value result R of neural network operation in the hardware memoryfault
2) Fault behavior modeling;
utilizing the extracted hardware characteristic information R before and after the hardware fault injectionpristine,AccpristineAnd RfaultAnd modeling the behavior characteristics of the fault, wherein the modeling comprises fault distribution simulation and fault probability simulation.
And deducing the distribution condition of the damaged data blocks in the whole memory and the damage degree of each damaged data block when the fault is injected into the internal calculation process of the neural network through fault distribution simulation and fault probability simulation.
3) Evaluating vulnerability of a neural network fault;
and (3) performing vulnerability assessment on the whole neural network at a software layer, and confirming the performance reduction of each layer of the neural network when the neural network is subjected to fault attack by using a layer boundary searching method.
Specifically, for each layer in the neural network, the hardware feature information extraction and fault modeling of the steps 1) to 2) are repeated, and finally the hardware fault vulnerability model of the whole neural network is obtained.
After the model construction is completed, interlaminar vulnerability search is carried out on the neural network, and the damage classification accuracy Acc of all layers of the network in the face of fault attack is obtainedfault
Using AccpristineAnd AccfaultQuantitatively evaluating the vulnerability of each layer of the network.
2. The method for evaluating the vulnerability to faults of neural network accelerator based on hardware characteristic information as claimed in claim 1, wherein in step 2), for fault distribution simulation, by comparing RpristineAnd RfaultThe distribution condition of the difference data simulates the distribution effect of the damaged data block caused by hardware failure in all intermediate value calculation results of the neural network. Two analog forms of fault distribution are proposed: scatter distribution and band distribution. Estimating proportion of damaged data in total data through the extracted hardware information characteristics:
Figure FDA0003463177200000021
wherein D isfaultIs RfaultTotal amount of damaged data in (1), DallIs RfaultThe total amount of data.
3. The method for evaluating the vulnerability to faults of a neural network accelerator based on hardware characteristic information as claimed in claim 2, wherein in step 2), for fault distribution simulation:
in the scatter distribution, the probability of determining the occurrence of the fault data block in the total data block needs to satisfy:
Pfault=rfault (2)
in the stripe distribution, in addition to the failure probability, it is required to satisfy the requirement in the formula (2), and it is also required that N adjacent data blocks are always damaged at the same time whenever a failure data block occurs, where N is a stripe distribution coefficient which is set autonomously according to the type of hardware and the type of failure.
4. The method for evaluating the vulnerability to failure of a neural network accelerator based on hardware characteristic information as claimed in claim 2, wherein the scatter distribution means that failure data are respectively scattered in a hardware memory in a point shape; striped distribution refers to clustering of faulty datasets into stripes that exist in hardware memory.
5. The method for evaluating the vulnerability of the neural network accelerator fault based on the hardware characteristic information as claimed in claim 2, wherein in the step 2):
for fault probability simulation, by comparing RpristineAnd RfaultAnd simulating the damage degree of each damaged data block data to simulate the damage probability of the data block caused by hardware fault. Specifically, the method comprises the following steps:
for RfaultCalculating the difference between each damaged data block and the original data block, and finally counting the probability of each difference:
Figure FDA0003463177200000022
Figure FDA0003463177200000023
wherein d isfault(i) Value representing the i-th corrupted data block, dpristine(i) Is represented byfault(i) The value of the corresponding original data block, diff, represents the difference between the particular corrupted data block and the original data block.
To better infer the probability of each diff, p (diff) is fitted to the Johnson's SU distribution, derived from the Johnson's SU formula, and when a certain data block is damaged, the probability of the occurrence of various differences diff is correspondingly determined.
6. The method for evaluating the vulnerability to failure of a neural network accelerator based on hardware characteristic information as claimed in claim 5, wherein in the step 2), for the failure probability simulation, Johnson's SU formula is as follows:
Figure FDA0003463177200000031
wherein, δ is a first shape parameter, λ is a scale parameter, ξ is a position parameter, and γ is a second shape parameter.
7. The method for evaluating the vulnerability to failure of a neural network accelerator based on hardware characteristic information as claimed in claim 1, wherein in the step 3), the interlaminar vulnerability search is performed on the neural network, comprising the following sub-steps:
3.1) mixing DatainputInputting the fault into a neural network, and injecting the fault into a j-th neural network target layerj
3.2) making the neural network completely run an inference process.
3.3) obtaining the damaged classification accuracy Acc of the j layer of the final networkfault,j
3.4) repeating the steps 3.1) to 3.3), and finally obtaining the damaged classification accuracy Acc of all layers of the network when facing fault attackfault
CN202210022402.6A 2022-01-10 2022-01-10 Neural network accelerator fault vulnerability assessment method based on hardware characteristic information Pending CN114547966A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210022402.6A CN114547966A (en) 2022-01-10 2022-01-10 Neural network accelerator fault vulnerability assessment method based on hardware characteristic information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210022402.6A CN114547966A (en) 2022-01-10 2022-01-10 Neural network accelerator fault vulnerability assessment method based on hardware characteristic information

Publications (1)

Publication Number Publication Date
CN114547966A true CN114547966A (en) 2022-05-27

Family

ID=81669713

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210022402.6A Pending CN114547966A (en) 2022-01-10 2022-01-10 Neural network accelerator fault vulnerability assessment method based on hardware characteristic information

Country Status (1)

Country Link
CN (1) CN114547966A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115470899A (en) * 2022-11-15 2022-12-13 北京智芯微电子科技有限公司 Power equipment processing acceleration method, device, equipment, chip and medium
CN116450517A (en) * 2023-04-19 2023-07-18 中物院成都科学技术发展中心 Assessment method of HDL vulnerability analysis tool based on side channel information

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115470899A (en) * 2022-11-15 2022-12-13 北京智芯微电子科技有限公司 Power equipment processing acceleration method, device, equipment, chip and medium
CN115470899B (en) * 2022-11-15 2023-02-21 北京智芯微电子科技有限公司 Power equipment processing acceleration method, device, equipment, chip and medium
CN116450517A (en) * 2023-04-19 2023-07-18 中物院成都科学技术发展中心 Assessment method of HDL vulnerability analysis tool based on side channel information
CN116450517B (en) * 2023-04-19 2024-03-22 中物院成都科学技术发展中心 Assessment method of HDL vulnerability analysis tool based on side channel information

Similar Documents

Publication Publication Date Title
CN114547966A (en) Neural network accelerator fault vulnerability assessment method based on hardware characteristic information
CN109886830B (en) Water supply network pollution source tracking and positioning method based on user complaint information
CN109902018B (en) Method for acquiring test case of intelligent driving system
CN109034194B (en) Transaction fraud behavior deep detection method based on feature differentiation
US20150134578A1 (en) Discriminator, discrimination program, and discrimination method
CN112988723A (en) Traffic data restoration method based on space self-attention-diagram convolution cyclic neural network
CN108965001A (en) A kind of appraisal procedure and device of vehicle message data model
CN108664690A (en) Long-life electron device reliability lifetime estimation method under more stress based on depth belief network
CN105760649B (en) A kind of credible measure towards big data
CN113411821B (en) System reconfiguration capability evaluation method and system for complex network
CN115545350B (en) Vehicle path problem solving method integrating deep neural network and reinforcement learning
CN110110529A (en) A kind of software network key node method for digging based on complex network
CN108717506A (en) A method of prediction coke hot strength
CN103970651A (en) Software architecture safety assessment method based on module safety attributes
CN112579708A (en) Link prediction similarity index method based on improved local path
CN109632942B (en) Inversion method of pipeline defect size based on ensemble learning
CN110765668A (en) Concrete penetration depth test data abnormal point detection method based on deviation index
CN109581194B (en) Dynamic generation method for electronic system fault test strategy
CN116306277A (en) Landslide displacement prediction method and device and related components
CN111711530A (en) Link prediction algorithm based on community topological structure information
CN115758365A (en) Neuron activation dependency graph-based federated learning model poisoning attack detection method
CN114139601A (en) Evaluation method and system for artificial intelligence algorithm model of power inspection scene
CN114495055A (en) Multi-index evaluation method for evaluating street model fidelity
Qu et al. Detection of False Data Injection Attack in Power System Based on Hellinger Distance
CN113361625A (en) Error data detection method with privacy protection in federated learning scene

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination