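A Hardware-Friendly Online Defense Method Against Adversarial Examples for Smart Cars |
| |
Authors: | 范仁昊 庞猛 王明羽 李明钊 张悠慧 李兆麟 |
| |
Abstract: | This paper proposes a hardware-friendly online defense method against adversarial example attacks. The method consists of three parts: a broad-spectrum detection algorithm that uses autoencoders as detectors to approximate the manifold distribution of natural samples; an efficient layer scheduling scheme suited to tiled deep neural network (DNN) accelerator architectures, which reduces data access overhead; and a hardware/software co-design method that balances detection accuracy against algorithm overhead. Experiments show that the autoencoder-based broad-spectrum online detection method achieves detection accuracy comparable to existing algorithms, and that the proposed layer scheduling scheme reduces the DRAM access volume of the joint network, in which the inference network is coupled with the detectors, by 43%, thereby lowering energy consumption and improving throughput. In addition, the hardware/software co-design method reduces the energy consumption and running time of the coupled network by 58% and 54% respectively, without reducing detection accuracy.
|
Keywords: | neural networks adversarial example attacks online defense hardware/software co-design |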
Hardware-Friendly Online Defense Against Adversarial Attacks for Smart Cars |
| |
Authors: | FAN Renhao PANG Meng WANG Mingyu LI Mingzhao ZHANG Youhui LI Zhaolin |
| |
Abstract: | This paper proposes a hardware-friendly online defense scheme called Auto-defense against adversarial attacks. Auto-defense is composed of a broad-spectrum detection algorithm which uses autoencoders to approximate manifolds of natural samples, a tiled DNN accelerator architecture with an efficient layer scheduling scheme to reduce data access overhead and a hardware/software co-design method to reach the balance of overhead and detection accuracy. The experimental evaluation shows that the broad-spectrum detection method achieves the state-of-the-art accuracy. The proposed layer scheduling scheme reduces the amount of DRAM access of the DNN coupled with detectors by more than 43%, thus resulting in lower energy consumption and higher throughput. Furthermore, the co-design method reduces the energy and execution time of the coupled network by 58% and 54% respectively without accuracy degradation. |
| |
Keywords: | neural networks adversarial attacks online defense software/hardware co-design |
|