-
Defending with Errors: Approximate Computing for Robustness of Deep Neural Networks
Authors:
Amira Guesmi,
Ihsen Alouani,
Khaled N. Khasawneh,
Mouna Baklouti,
Tarek Frikha,
Mohamed Abid,
Nael Abu-Ghazaleh
Abstract:
Machine-learning architectures, such as Convolutional Neural Networks (CNNs) are vulnerable to adversarial attacks: inputs crafted carefully to force the system output to a wrong label. Since machine-learning is being deployed in safety-critical and security-sensitive domains, such attacks may have catastrophic security and safety consequences. In this paper, we propose for the first time to use h…
▽ More
Machine-learning architectures, such as Convolutional Neural Networks (CNNs) are vulnerable to adversarial attacks: inputs crafted carefully to force the system output to a wrong label. Since machine-learning is being deployed in safety-critical and security-sensitive domains, such attacks may have catastrophic security and safety consequences. In this paper, we propose for the first time to use hardware-supported approximate computing to improve the robustness of machine-learning classifiers. We show that successful adversarial attacks against the exact classifier have poor transferability to the approximate implementation. Surprisingly, the robustness advantages also apply to white-box attacks where the attacker has unrestricted access to the approximate classifier implementation: in this case, we show that substantially higher levels of adversarial noise are needed to produce adversarial examples. Furthermore, our approximate computing model maintains the same level in terms of classification accuracy, does not require retraining, and reduces resource utilization and energy consumption of the CNN. We conducted extensive experiments on a set of strong adversarial attacks; We empirically show that the proposed implementation increases the robustness of a LeNet-5, Alexnet and VGG-11 CNNs considerably with up to 50% by-product saving in energy consumption due to the simpler nature of the approximate logic.
△ Less
Submitted 2 November, 2022;
originally announced November 2022.
-
Bayesian Regression and Classification Using Gaussian Process Priors Indexed by Probability Density Functions
Authors:
A. Fradi,
Y. Feunteun,
C. Samir,
M. Baklouti,
F. Bachoc,
J-M. Loubes
Abstract:
In this paper, we introduce the notion of Gaussian processes indexed by probability density functions for extending the Matérn family of covariance functions. We use some tools from information geometry to improve the efficiency and the computational aspects of the Bayesian learning model. We particularly show how a Bayesian inference with a Gaussian process prior (covariance parameters estimation…
▽ More
In this paper, we introduce the notion of Gaussian processes indexed by probability density functions for extending the Matérn family of covariance functions. We use some tools from information geometry to improve the efficiency and the computational aspects of the Bayesian learning model. We particularly show how a Bayesian inference with a Gaussian process prior (covariance parameters estimation and prediction) can be put into action on the space of probability density functions. Our framework has the capacity of classifiying and infering on data observations that lie on nonlinear subspaces. Extensive experiments on multiple synthetic, semi-synthetic and real data demonstrate the effectiveness and the efficiency of the proposed methods in comparison with current state-of-the-art methods.
△ Less
Submitted 6 November, 2020;
originally announced November 2020.
-
Defensive Approximation: Securing CNNs using Approximate Computing
Authors:
Amira Guesmi,
Ihsen Alouani,
Khaled Khasawneh,
Mouna Baklouti,
Tarek Frikha,
Mohamed Abid,
Nael Abu-Ghazaleh
Abstract:
In the past few years, an increasing number of machine-learning and deep learning structures, such as Convolutional Neural Networks (CNNs), have been applied to solving a wide range of real-life problems. However, these architectures are vulnerable to adversarial attacks. In this paper, we propose for the first time to use hardware-supported approximate computing to improve the robustness of machi…
▽ More
In the past few years, an increasing number of machine-learning and deep learning structures, such as Convolutional Neural Networks (CNNs), have been applied to solving a wide range of real-life problems. However, these architectures are vulnerable to adversarial attacks. In this paper, we propose for the first time to use hardware-supported approximate computing to improve the robustness of machine learning classifiers. We show that our approximate computing implementation achieves robustness across a wide range of attack scenarios. Specifically, for black-box and grey-box attack scenarios, we show that successful adversarial attacks against the exact classifier have poor transferability to the approximate implementation. Surprisingly, the robustness advantages also apply to white-box attacks where the attacker has access to the internal implementation of the approximate classifier. We explain some of the possible reasons for this robustness through analysis of the internal operation of the approximate implementation. Furthermore, our approximate computing model maintains the same level in terms of classification accuracy, does not require retraining, and reduces resource utilization and energy consumption of the CNN. We conducted extensive experiments on a set of strong adversarial attacks; We empirically show that the proposed implementation increases the robustness of a LeNet-5 and an Alexnet CNNs by up to 99% and 87%, respectively for strong grey-box adversarial attacks along with up to 67% saving in energy consumption due to the simpler nature of the approximate logic. We also show that a white-box attack requires a remarkably higher noise budget to fool the approximate classifier, causing an average of 4db degradation of the PSNR of the input image relative to the images that succeed in fooling the exact classifier
△ Less
Submitted 29 July, 2021; v1 submitted 13 June, 2020;
originally announced June 2020.
-
Mppsocgen: A framework for automatic generation of mppsoc architecture
Authors:
Emna Kallel,
Yassine Aoudni,
Mouna Baklouti,
Mohamed Abid
Abstract:
Automatic code generation is a standard method in software engineering since it improves the code consistency and reduces the overall development time. In this context, this paper presents a design flow for automatic VHDL code generation of mppSoC (massively parallel processing System-on-Chip) configuration. Indeed, depending on the application requirements, a framework of Netbeans Platform Softwa…
▽ More
Automatic code generation is a standard method in software engineering since it improves the code consistency and reduces the overall development time. In this context, this paper presents a design flow for automatic VHDL code generation of mppSoC (massively parallel processing System-on-Chip) configuration. Indeed, depending on the application requirements, a framework of Netbeans Platform Software Tool named MppSoCGEN was developed in order to accelerate the design process of complex mppSoC. Starting from an architecture parameters design, VHDL code will be automatically generated using parsing method. Configuration rules are proposed to have a correct and valid VHDL syntax configuration. Finally, an automatic generation of Processor Elements and network topologies models of mppSoC architecture will be done for Stratix II device family. Our framework improves its flexibility on Netbeans 5.5 version and centrino duo Core 2GHz with 22 Kbytes and 3 seconds average runtime. Experimental results for reduction algorithm validate our MppSoCGEN design flow and demonstrate the efficiency of generated architectures.
△ Less
Submitted 30 April, 2012;
originally announced April 2012.
