Detection and Recovery Against Deep Neural Network Fault Injection Attacks Based on Contrastive Learning

TL;DR

This paper proposes a novel self-supervised contrastive learning framework to detect and recover from fault injection attacks in deep neural network inference, achieving real-time detection and fast recovery with minimal data.

Contribution

It introduces a contrastive learning-based framework for FIA detection and recovery that is effective with limited unlabeled data and operates in real-time.

Findings

Effective detection and recovery on CIFAR-10 dataset

Real-time detection with a single batch of data

Fast recovery with minimal unlabeled data

Abstract

Deep Neural Network (DNN) models when implemented on executing devices as the inference engines are susceptible to Fault Injection Attacks (FIAs) that manipulate model parameters to disrupt inference execution with disastrous performance. This work introduces Contrastive Learning (CL) of visual representations i.e., a self-supervised learning approach into the deep learning training and inference pipeline to implement DNN inference engines with self-resilience under FIAs. Our proposed CL based FIA Detection and Recovery (CFDR) framework features (i) real-time detection with only a single batch of testing data and (ii) fast recovery effective even with only a small amount of unlabeled testing data. Evaluated with the CIFAR-10 dataset on multiple types of FIAs, our CFDR shows promising detection and recovery effectiveness.