
Research On Vulnerabilities And Attack Methods For Deep Learning Hardware Computing Platforms

Posted on: 2021-01-18 | Degree: Master | Type: Thesis
Country: China | Candidate: P R Li
GTID: 2428330623468394 | Subject: Engineering
Abstract/Summary:
In recent years, the continuous development of deep learning and its hardware computing circuits has led more and more fields to put products based on deep learning algorithms into use. A large number of hardware computing circuit products have been designed, produced, and launched, and deep learning hardware computing platforms with FPGAs, GPUs, and ASICs as the underlying hardware are widely used. However, these platforms carry huge security risks in many aspects, such as design and manufacturing: on the one hand, the neural network algorithm itself has defects that attackers can exploit; on the other hand, the hardware manufacturing process involves untrusted third-party IPs, tools, and personnel, all of which may be potential targets used by attackers. Against this background, this thesis explores the security problems of neural networks and their computing platforms, analyzes the possible security vulnerabilities and attack methods of neural network algorithms and hardware circuits at each stage, and on this basis summarizes attack theory and experimental verification for deep learning computing platforms, to provide a reference for the protection and detection of related security issues in this field.

The thesis first introduces the basics of deep learning, hardware Trojans, and generative adversarial networks. Based on this, it summarizes the data flow of convolutional neural networks, the design of dedicated hardware circuits, and loopholes in the production and manufacturing process. After that, an attack theory combining software and hardware is proposed. The hardware circuit is then designed and built with the PYNQ framework, and the Vivado HLS tool is used to generate the convolution and pooling modules. A hardware Trojan is then embedded. Finally, the software extracts attack vectors and loads them into the hardware circuit to complete the attack on the platform.

The experiments use the MNIST, CIFAR-10 and ImageNet datasets to build three neural networks of different sizes. Comparative experiments with the training set intervention method, the FGSM algorithm and the DeepFool algorithm were performed on the three networks. The analysis covers the possible impact on attack results of the same algorithm on different network structures, of different algorithms on the same network structure, and of different parameter changes in the same algorithm. The correctness of the attack theory is verified, and the advantages and disadvantages of the various attack methods are summarized through comparative experimental analysis.
Keywords/Search Tags: Deep Learning, Malicious Circuit, Vulnerabilities, Adversarial Example