Exploring DNN Robustness Against Adversarial Attacks Using Approximate Multipliers
Mohammad Javad Askarizadeh, Ebrahim Farahmand, Jorge Castro-Godinez, Ali Mahani, Laura Cabrera-Quiros, Carlos Salazar-Garcia
TL;DR
The paper addresses the vulnerability of DNNs to adversarial attacks and the imperative for hardware-aware robustness. It introduces a method that uniformly substitutes accurate MAC multipliers with state-of-the-art approximate multipliers (scaleTRIM and DRUM) within the AdaPT framework to assess robustness under FGSM, BIM, and PGD on LeNet-5, ResNet-50, and VGG-19 with 8-bit quantization, revealing that robustness can improve by up to ~10% while accuracy may drop up to ~7% in benign settings. The results highlight configuration-dependent trade-offs, with scaleTRIM often preserving or enhancing robustness compared to DRUM, and some configurations achieving substantial gains in robust accuracy under attack. Practically, this work provides actionable insights for hardware-aware design of robust CNNs and outlines a path toward automated per-layer approximation selection to balance security and efficiency.
Abstract
Deep Neural Networks (DNNs) have advanced in many real-world applications, such as healthcare and autonomous driving. However, their high computational complexity and vulnerability to adversarial attacks are ongoing challenges. In this letter, approximate multipliers are used to explore DNN robustness improvement against adversarial attacks. By uniformly replacing accurate multipliers with state-of-the-art approximate ones in DNN layer models, we explore DNN robustness against various adversarial attacks in a feasible time. Results show up to a 7% accuracy drop due to approximations when no attack is present, while robust accuracy improves by up to 10% when attacks are applied.
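To make the multiplier substitution concrete, the following added example (not code from the paper or from AdaPT) models a DRUM-style approximate multiplier at bit level and plugs it into an int8 multiply-accumulate in place of the exact product. It assumes the usual DRUM-k scheme (keep k bits from the leading one, force the kept LSB to 1, multiply, shift back); the function names and sample vectors are constructed for illustration.

```python
# Added illustration: simplified bit-level model of a DRUM-k multiplier.
# Function names and sample vectors are constructed for this example.

def drum_segment(x, k):
    """Keep the k bits starting at the leading one of unsigned x.

    Returns (segment, shift). Operands that already fit in k bits pass
    through unchanged; otherwise the segment's LSB is forced to 1 so the
    truncation error is centred around zero.
    """
    t = x.bit_length() - 1          # leading-one position (-1 when x == 0)
    if t < k:
        return x, 0
    shift = t - k + 1
    return (x >> shift) | 1, shift

def drum_mul(a, b, k=4):
    """Approximate signed product: sign-magnitude, k x k core, shift back."""
    sign = -1 if (a < 0) != (b < 0) else 1
    seg_a, sh_a = drum_segment(abs(a), k)
    seg_b, sh_b = drum_segment(abs(b), k)
    return sign * ((seg_a * seg_b) << (sh_a + sh_b))

def mac(weights, activations, mul):
    """Multiply-accumulate over int8 operands with a pluggable multiplier."""
    return sum(mul(w, x) for w, x in zip(weights, activations))

def max_rel_error(k):
    """Worst relative product error over all int8 magnitudes 1..128."""
    return max(abs(drum_mul(a, b, k) - a * b) / (a * b)
               for a in range(1, 129) for b in range(1, 129))

# Constructed int8 weights and activations for one output neuron.
W = [100, -37, 5, -128]
X = [50, 90, 7, 127]

if __name__ == "__main__":
    exact = mac(W, X, lambda a, b: a * b)
    for k in (4, 6):
        approx = mac(W, X, lambda a, b, k=k: drum_mul(a, b, k))
        print(f"k={k}: exact={exact} approx={approx} "
              f"worst-case rel. error={max_rel_error(k):.4f}")
```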
