TL;DR
DetectX is a hardware-efficient adversarial input detection method using memristive crossbar signatures, significantly improving energy efficiency and robustness against various attacks through a dual-phase training process.
Contribution
This work introduces DetectX, a novel hardware-friendly adversarial detection mechanism leveraging memristive crossbar signatures and a dual-phase training methodology for enhanced robustness.
Findings
DetectX achieves 10x-25x energy efficiency over prior methods.
It attains ROC-AUC > 0.95 for strong white-box and black-box attacks.
DetectX demonstrates robustness against dynamic adversarial attacks.
Abstract
Adversarial input detection has emerged as a prominent technique to harden Deep Neural Networks (DNNs) against adversarial attacks. Most prior works use neural network-based detectors or complex statistical analysis for adversarial detection. These approaches are computationally intensive and vulnerable to adversarial attacks. To this end, we propose DetectX - a hardware-friendly adversarial detection mechanism using hardware signatures like Sum of column Currents (SoI) in memristive crossbars (XBar). We show that adversarial inputs have higher SoI compared to clean inputs. However, the difference is too small for reliable adversarial detection. Hence, we propose a dual-phase training methodology: Phase1 training is geared towards increasing the separation between clean and adversarial SoIs; Phase2 training improves the overall robustness against different strengths of adversarial…
