181 research outputs found
ReBNet: Residual Binarized Neural Network
This paper proposes ReBNet, an end-to-end framework for training
reconfigurable binary neural networks on software and developing efficient
accelerators for execution on FPGA. Binary neural networks offer an intriguing
opportunity for deploying large-scale deep learning models on
resource-constrained devices. Binarization reduces the memory footprint and
replaces the power-hungry matrix-multiplication with light-weight XnorPopcount
operations. However, binary networks suffer from a degraded accuracy compared
to their fixed-point counterparts. We show that the state-of-the-art methods
for optimizing binary networks accuracy, significantly increase the
implementation cost and complexity. To compensate for the degraded accuracy
while adhering to the simplicity of binary networks, we devise the first
reconfigurable scheme that can adjust the classification accuracy based on the
application. Our proposition improves the classification accuracy by
representing features with multiple levels of residual binarization. Unlike
previous methods, our approach does not exacerbate the area cost of the
hardware accelerator. Instead, it provides a tradeoff between throughput and
accuracy while the area overhead of multi-level binarization is negligible.Comment: To Appear In The 26th IEEE International Symposium on
Field-Programmable Custom Computing Machine
Hybrid heterogeneous energy supply networks
Abstract—Efficient energy supply, storage, and distribution are key technical challenges for design and operation of electronic systems. In particular, energy supply is the most scarce resource and constraint for mobile embedded systems where the supply lifetime, cost, weight, size, and portability are major concerns. With the advent of newer electrical energy supply and storage technologies, energy supplies with differing energy/power storage densities, cost, size, and recycling abilities are becoming available. Efficient system design requires an exact matching between the fluctuating load demands and the underlying energy resources. Combining the energy supplies in a hierarchical way creates a unique opportunity for efficient matching and variable load serving. Such a heterogeneous hybrid network of energy supply components could address a variety of power needs and serve a much broader range of system loads with a high efficiency. This paper presents a Hierarchial Architecture of Heterogenous Electrical Energy Supplies (HierArcHEES) that can be tuned to different load demands. I
EmMark: Robust Watermarks for IP Protection of Embedded Quantized Large Language Models
This paper introduces EmMark,a novel watermarking framework for protecting
the intellectual property (IP) of embedded large language models deployed on
resource-constrained edge devices. To address the IP theft risks posed by
malicious end-users, EmMark enables proprietors to authenticate ownership by
querying the watermarked model weights and matching the inserted signatures.
EmMark's novelty lies in its strategic watermark weight parameters selection,
nsuring robustness and maintaining model quality. Extensive proof-of-concept
evaluations of models from OPT and LLaMA-2 families demonstrate EmMark's
fidelity, achieving 100% success in watermark extraction with model performance
preservation. EmMark also showcased its resilience against watermark removal
and forging attacks.Comment: Accept to DAC 202
DeepMarks: A Digital Fingerprinting Framework for Deep Neural Networks
This paper proposes DeepMarks, a novel end-to-end framework for systematic
fingerprinting in the context of Deep Learning (DL). Remarkable progress has
been made in the area of deep learning. Sharing the trained DL models has
become a trend that is ubiquitous in various fields ranging from biomedical
diagnosis to stock prediction. As the availability and popularity of
pre-trained models are increasing, it is critical to protect the Intellectual
Property (IP) of the model owner. DeepMarks introduces the first fingerprinting
methodology that enables the model owner to embed unique fingerprints within
the parameters (weights) of her model and later identify undesired usages of
her distributed models. The proposed framework embeds the fingerprints in the
Probability Density Function (pdf) of trainable weights by leveraging the extra
capacity available in contemporary DL models. DeepMarks is robust against
fingerprints collusion as well as network transformation attacks, including
model compression and model fine-tuning. Extensive proof-of-concept evaluations
on MNIST and CIFAR10 datasets, as well as a wide variety of deep neural
networks architectures such as Wide Residual Networks (WRNs) and Convolutional
Neural Networks (CNNs), corroborate the effectiveness and robustness of
DeepMarks framework
DeepSecure: Scalable Provably-Secure Deep Learning
This paper proposes DeepSecure, a novel framework that enables scalable
execution of the state-of-the-art Deep Learning (DL) models in a
privacy-preserving setting. DeepSecure targets scenarios in which neither of
the involved parties including the cloud servers that hold the DL model
parameters or the delegating clients who own the data is willing to reveal
their information. Our framework is the first to empower accurate and scalable
DL analysis of data generated by distributed clients without sacrificing the
security to maintain efficiency. The secure DL computation in DeepSecure is
performed using Yao's Garbled Circuit (GC) protocol. We devise GC-optimized
realization of various components used in DL. Our optimized implementation
achieves more than 58-fold higher throughput per sample compared with the
best-known prior solution. In addition to our optimized GC realization, we
introduce a set of novel low-overhead pre-processing techniques which further
reduce the GC overall runtime in the context of deep learning. Extensive
evaluations of various DL applications demonstrate up to two
orders-of-magnitude additional runtime improvement achieved as a result of our
pre-processing methodology. This paper also provides mechanisms to securely
delegate GC computations to a third party in constrained embedded settings
- …