Stealthy and Robust Glitch Injection Attack on Deep Learning Accelerator for Target With Variational Viewpoint

Deep neural network (DNN) accelerators overcome the power and memory walls for executing neural-net models locally on edge-computing devices to support sophisticated AI applications. The advocacy of “model once, run optimized anywhere” paradigm introduces potential new security threat edge intelligence that is methodologically different from well-known adversarial examples. Existing examples modify input samples presented an application either digitally or physically cause a misclassification. Nevertheless, these input-based perturbations are not robust surreptitious multi-view target. To generate good example misclassifying real-world target variational viewing angle, lighting distance, decent number target’s required extract rare anomalies can cross decision boundary. feasible substantial visually perceptible. In this paper, we propose glitch injection attack DNN accelerator capable under viewpoints. glitches injected into computation clock signal induce transitory but disruptive errors in intermediate results multiply-and-accumulate (MAC) operations. pattern each interest consists sparse instantaneous glitches, which be derived just one sample Two modes patterns derived, their effectiveness demonstrated four representative ImageNet implemented Deep-learning Processing Unit (DPU) FPGA its development toolchain. success rates evaluated 118 objects 61 diverse sensing conditions, including 25 angles (−60° 60°), 24 illumination directions 12 color temperatures. covert mode, our exceed existing stealthy by more than 16.3%, with only two ten thousands million cycles complete inference. all DNNs 96.2% average intensity 1.4% maximum 10.2%.