Abstract:
The globalisation of supply chains and manufacturing processes can lead to loss of control over the manufacturing process and exposure to potentially malicious third parties, leaving Convolutional Neural Network (CNN) hardware accelerators vulnerable to emerging attacks such as hardware Trojan (HT) insertion and backdoor attacks from third-party dataset providers. In this paper, a new defence mechanism, called the Shuffle and Substitution-Based Defence Mechanism (SSDM), is proposed to defend against attacks launched by adversaries at third-party dataset providers and during the fabrication phase. The proposed countermeasure not only effectively suppresses the activation of most existing HTs, but also greatly increases the difficulty for adversaries at third-party dataset providers to execute backdoor attacks successfully. The experimental results show that the new countermeasure is effective in preventing HTs from being activated and significantly increases the difficulty of backdoor attacks.
Published in: 2023 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)
Date of Conference: 13-15 December 2023
DOI: 10.1109/AsianHOST59942.2023.10409319
Publisher: IEEE
Conference Location: Tianjin, China