English

FeSHI: Feature Map Based Stealthy Hardware Intrinsic Attack

Cryptography and Security 2021-08-27 v3 Artificial Intelligence Machine Learning

Abstract

To reduce the time-to-market and access to state-of-the-art techniques, CNN hardware mapping and deployment on embedded accelerators are often outsourced to untrusted third parties, which is going to be more prevalent in futuristic artificial intelligence of things (AIoT) systems. These AIoT systems anticipate horizontal collaboration among different resource-constrained AIoT node devices, where CNN layers are partitioned and these devices collaboratively compute complex CNN tasks. This horizontal collaboration opens another attack surface to the CNN-based application, like inserting the hardware Trojans (HT) into the embedded accelerators designed for the CNN. Therefore, there is a dire need to explore this attack surface for designing secure embedded hardware accelerators for CNNs. Towards this goal, in this paper, we exploited this attack surface to propose an HT-based attack called FeSHI. Since in horizontal collaboration of RC AIoT devices different sections of CNN architectures are outsourced to different untrusted third parties, the attacker may not know the input image, but it has access to the layer-by-layer output feature maps information for the assigned sections of the CNN architecture. This attack exploits the statistical distribution, i.e., Gaussian distribution, of the layer-by-layer feature maps of the CNN to design two triggers for stealthy HT with a very low probability of triggering. Also, three different novel, stealthy and effective trigger designs are proposed.

Keywords

Cite

@article{arxiv.2106.06895,
  title  = {FeSHI: Feature Map Based Stealthy Hardware Intrinsic Attack},
  author = {Tolulope Odetola and Faiq Khalid and Travis Sandefur and Hawzhin Mohammed and Syed Rafay Hasan},
  journal= {arXiv preprint arXiv:2106.06895},
  year   = {2021}
}

Comments

Accepted for publication in IEEE Access

R2 v1 2026-06-24T03:08:18.727Z