MAED: Mathematical Activation Error Detection for Mitigating Physical Fault Attacks in DNN Inference

TL;DR

This paper introduces MAED, an algorithm-level error detection framework that uses mathematical identities to detect faults in DNN activation functions during inference, significantly improving fault resilience with minimal overhead.

Contribution

It is the first to apply algorithm-level error detection to defend against both fault injection attacks and natural faults in DNNs on embedded systems.

Findings

Achieves nearly 100% error detection rate in fault simulations.

Implements with less than 1% overhead on microcontrollers.

Requires minimal area and acceptable latency increase on FPGA.

Abstract

The inference phase of deep neural networks (DNNs) in embedded systems is increasingly vulnerable to fault attacks and failures, which can result in incorrect predictions. These vulnerabilities can potentially lead to catastrophic consequences, making the development of effective mitigation techniques essential. In this paper, we introduce MAED (Mathematical Activation Error Detection), an algorithm-level error detection framework that exploits mathematical identities to continuously validate the correctness of non-linear activation function computations at runtime. To the best of our knowledge, this work is the first to integrate algorithm-level error detection techniques to defend against both malicious fault injection attacks and naturally occurring faults in critical DNN components in embedded systems. The evaluation is conducted on three widely adopted activation functions, namely ReLu, sigmoid, and tanh which serve as fundamental building blocks for introducing non-linearity in DNNs and can lead to mispredictions when subjected to natural faults or fault attacks. We assessed the proposed error detection scheme via fault model simulation, achieving close to 100% error detection while mitigating existing fault attacks on DNN inference. Additionally, the overhead introduced by integrating the proposed scheme with the baseline implementation (i.e., without error detection) is validated through implementations on an AMD/Xilinx Artix-7 FPGA and an ATmega328P microcontroller, as well as through integration with TensorFlow. On the microcontroller, the proposed error detection incurs less than 1% clock cycle overhead, while on the FPGA it requires nearly zero additional area, at the cost of approximately a 20% increase in latency for sigmoid and tanh.