Lightning: Leveraging DVFS-induced Transient Fault Injection to Attack Deep Learning Accelerator of GPUs

Graphics Processing Units(GPU) are widely used as deep learning accelerators because of its high performance and low power consumption. Additionally, it remains secure against hardware-induced transient fault injection attacks, a classic type attacks that have been developed on other computing platforms. In this work, we demonstrate well-trained machine models robust hardware when the faults generated randomly. However, discover these components, which refer to sensitive targets, vulnerable faults. By exploiting vulnerability, propose Lightning attack, precisely strikes model’s targets with based Dynamic Voltage Frequency Scaling (DVFS). We design search algorithm find most critical processing units Deep Neural Network(DNN) determining inference results, develop genetic automatically optimize attack parameters for DVFS induce Experiments three commodity Nvidia GPUs four widely-used DNN show proposed can reduce accuracy by 69.1% average non-targeted and, more interestingly, achieve success rate 67.9% targeted attacks.