Robust and hardware efficient hardware accelerator design for convolutional neural networks

Abstract

This thesis investigates the integration of approximate computing (AC) techniques into CNN hardware accelerators while addressing security vulnerabilities associated with hardware Trojans (HTs) and backdoor attacks. A comprehensive literature review highlights the need to mitigate these threats, as backdoors attacks can subtly alter classifications, and HTs can cause targeted errors. Meanwhile, the increasing computational demands of CNNs and the limited processing capabilities of embedded devices necessitate lightweight CNN hardware accelerators. AC has emerged as a key approach to enhancing efficiency. However, a major research gap exists in the lack of methodologies for efficiently designing AC-based CNN accelerators and implementing measurements against HTs and backdoor attacks.To bridge this gap, this thesis proposes three methods: Error Matrix-based Error Injection (EMEI), Shuffle and Substitute Defence Mechanism (SSDM), and a selective protection scheme for important processing elements (PEs). EMEI enables fast selection of approximate multipliers for each PE in CNNs, optimising hardware efficiency while maintaining classification accuracy, with a predicted-to-actual accuracy difference of less than 3% on MobileNetV2 using CIFAR-10 and GTSRB. SSDM disrupts HT and backdoor activation through pixel-level shuffling, substitution, and bit-level weight shuffling, reducing activation rates of position-specific, value-specific, pattern-specific, and sequence-specific triggered HTs to below 2%, while detecting neuron-specific HTs within 45 images. Stable patch-based backdoor attack activation rates drop below 5%, while random patch-based and warping-based backdoor attack rates fall below 30%, with additional overhead of less than 0.1%. The selective protection scheme identifies and secures vulnerable PEs. Additionally, two runtime detection methods are introduced: Selective Hardware Redundancy (SHR), which reacts to HT-induced errors within one cycle with <10% overhead, and Selective Hardware and Time Redundancy (SHTR), offering low-overhead (<0.3%) detection within 50–150 cycle