Title Software-based Adversarial Attack Detection System for Embedded Systems
Authors 주상현(Sanghyun Joo) ; 김인모(Inmo Kim) ; 김명선(Myungsun Kim)
DOI https://doi.org/10.5573/ieie.2022.59.7.3
Page pp.3-11
ISSN 2287-5026
Keywords Adversarial attack; Adversarial detection; Embedded systems; DNN inference; NIC
Abstract Recently, adversarial attacks that aim to make DNN inference misclassify its input have become more diverse and more sophisticated. Due to this trend, DNN models are more easily exposed to adversarial attacks. Embedded systems such as robots and driverless car systems are no exception, and misclassification caused by an adversarial attack can have fatal consequences. However, embedded systems have limited DNN compute performance and memory capacity, which makes it very difficult to detect adversarial attacks within a limited time. Developing a dedicated hardware unit to overcome this incurs high development costs, and such hardware is not flexible enough to cope with various kinds of attacks or with any change in the target DNN model. To solve this problem, in this study we propose a software-based adversarial attack detection mechanism for embedded systems. The mechanism selects and uses only several hidden layers for detection, minimizing the additional memory required for adversarial detection. Additionally, when the target DNN performs inference, the adversarial detection process runs in parallel with it, minimizing the time gap between the two. As experiments show, the difference in execution time relative to before applying the proposed mechanism decreased by up to 99.6% and memory usage decreased by up to 83.9%, while attack detection accuracy was maintained.