Enhancing Security of Memristor Computing System Through Secure Weight Mapping
Minhui Zou, Junlong Zhou, Xiaotong Cui, Wei Wang, and Shahar Kvatinsky

TL;DR
This paper proposes a novel weight mapping method for memristor-based neural network systems that enhances security against theft attacks while significantly reducing hardware overhead.
Contribution
It introduces a secure weight mapping technique using 1's complement encoding, improving security and reducing hardware overhead compared to prior methods.
Findings
Achieves security comparable to existing methods.
Reduces hardware overhead by over 18 times.
Effectively prevents adversaries from knowing exact weights.
Abstract
Emerging memristor computing systems have demonstrated great promise in improving the energy efficiency of neural network (NN) algorithms. The NN weights stored in memristor crossbars, however, may face potential theft attacks due to the nonvolatility of the memristor devices. In this paper, we propose to protect the NN weights by mapping selected columns of them in the form of 1's complements and leaving the other columns in their original form, preventing the adversary from knowing the exact representation of each weight. The results show that compared with prior work, our method achieves effectiveness comparable to the best of them and reduces the hardware overhead by more than 18X.
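A minimal sketch of the column-wise 1's complement mapping described in the abstract, added here as an illustration and not taken from the paper. The 8-bit unsigned weights, the per-column secret key bits, and the output-correction step (derived from the 1's complement identity) are assumptions of this example.

```python
import secrets

BITS = 8                  # assumed weight precision (not stated on this page)
MASK = (1 << BITS) - 1    # all-ones word; MASK - w is the 1's complement of w

def random_key(num_cols):
    """Hypothetical key format: one secret bit per crossbar column."""
    return [secrets.randbits(1) for _ in range(num_cols)]

def map_weights(weights, key):
    """Store column j as its 1's complement when key[j] == 1, else unchanged."""
    return [[(MASK - w) if key[j] else w for j, w in enumerate(row)]
            for row in weights]

def crossbar_mac(stored, x):
    """Column-wise multiply-accumulate over whatever values the crossbar holds."""
    return [sum(x[i] * stored[i][j] for i in range(len(stored)))
            for j in range(len(stored[0]))]

def correct_outputs(raw, x, key):
    """Key holder undoes the complement per column (assumed recovery step):
    sum_i x_i * (MASK - s_ij) = MASK * sum(x) - sum_i x_i * s_ij."""
    total = MASK * sum(x)
    return [total - r if k else r for r, k in zip(raw, key)]

def demo():
    # Constructed sample data: 3 inputs x 4 columns of 8-bit weights.
    weights = [[12, 200, 7, 255], [90, 3, 128, 0], [45, 77, 19, 64]]
    key = [1, 0, 1, 1]    # constructed; random_key(4) would be used in practice
    x = [2, 5, 1]
    stored = map_weights(weights, key)      # what a crossbar readout would reveal
    expected = crossbar_mac(weights, x)     # true layer output
    raw = crossbar_mac(stored, x)           # output computed on the stored values
    recovered = correct_outputs(raw, x, key)
    return weights, key, stored, expected, raw, recovered

if __name__ == "__main__":
    weights, key, stored, expected, raw, recovered = demo()
    print("stored   :", stored)
    print("raw      :", raw)
    print("recovered:", recovered, "== expected:", expected)
```

Someone who reads out `stored` without `key` cannot tell which columns hold complemented values, while the key holder recovers the exact outputs with one subtraction per complemented column.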
