Nonideality-aware training makes memristive networks more robust to adversarial attacks

TL;DR

This paper demonstrates that nonideality-aware training enhances the adversarial robustness of memristive neural networks, making them more resilient to attacks despite device faults and physical nonidealities.

Contribution

It is the first study to show that nonideality-aware training improves adversarial robustness in memristive neural networks.

Findings

Adversarial robustness significantly increases with nonideality-aware training.

Robustness improvement occurs even with limited knowledge of device nonidealities.

Memristive networks become more resilient to adversarial attacks through this training method.

Abstract

Neural networks are now deployed in a wide number of areas from object classification to natural language systems. Implementations using analog devices like memristors promise better power efficiency, potentially bringing these applications to a greater number of environments. However, such systems suffer from more frequent device faults and overall, their exposure to adversarial attacks has not been studied extensively. In this work, we investigate how nonideality-aware training - a common technique to deal with physical nonidealities - affects adversarial robustness. We find that adversarial robustness is significantly improved, even with limited knowledge of what nonidealities will be encountered during test time.