Nonideality-aware training makes memristive networks more robust to adversarial attacks

Dovydas Joksas, Luis Muñoz-González, Emil Lupu, Adnan Mehonic

TL;DR

This work investigates how nonideality-aware training—a common technique to deal with physical nonidealities—affects adversarial robustness, and finds that adversarial robustness is significantly improved, even with limited knowledge of what nonidealities will be encountered during test time.

Abstract

Neural networks are now deployed in a wide range of areas, from object classification to natural language systems. Implementations using analog devices like memristors promise better power efficiency, potentially bringing these applications to a greater number of environments. However, such systems suffer from more frequent device faults, and overall their exposure to adversarial attacks has not been studied extensively. In this work, we investigate how nonideality-aware training, a common technique to deal with physical nonidealities, affects adversarial robustness. We find that adversarial robustness is significantly improved, even with limited knowledge of what nonidealities will be encountered during test time.

Paper Structure (10 sections, 2 equations, 5 figures)

Figures (5)

  • Figure 1: Von Neumann architecture. The arrows denote the data flow. Adapted from Ref. mehonicEmergingNonvolatileMemories2023.
  • Figure 2: Resistive crossbar array. The structure of the circuit together with Ohm's law and Kirchhoff's current law make it so that currents $\boldsymbol{I}$ are a product of a vector of voltages $\boldsymbol{V}$ and a matrix of conductances $\boldsymbol{G}$. Adapted from Ref. mehonicEmergingNonvolatileMemories2023.
  • Figure 3: The effect of nonidealities in FGSM attack. A greater proportion of stuck devices results in lower accuracy under conditions of no attack. However, with high-$\varepsilon$ attack, the accuracy for all three scenarios becomes similar.
  • Figure 4: The effect of nonideality-aware training on FGSM attack. Networks exposed to stuck devices have a much higher robustness to the attack.
  • Figure 5: The effect of incorrect assumptions during network training. Not exposing the training algorithm to nonidealities has a negative effect on its robustness. However, even incorrect assumptions about some level of nonidealities during inference produce higher robustness to attacks.
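
The crossbar computation from the Figure 2 caption and the stuck-device fault from the Figure 3 caption can be simulated in a few lines; this is an added example, not code from the paper. The differential-pair weight mapping, the conductance range, the choice that faulty devices stick at the low conductance `G_OFF`, and all function names are assumptions made for illustration.

```python
import random

G_OFF, G_ON = 1e-6, 1e-4  # constructed conductance range in siemens (assumption)

def weights_to_conductances(W):
    """Map each weight to a differential pair (G+, G-) inside [G_OFF, G_ON]."""
    w_max = max(abs(w) for row in W for w in row)
    k = (G_ON - G_OFF) / w_max  # siemens per unit of weight
    G_pos = [[G_OFF + k * max(w, 0.0) for w in row] for row in W]
    G_neg = [[G_OFF + k * max(-w, 0.0) for w in row] for row in W]
    return G_pos, G_neg, k

def stick_devices(G, fraction, rng):
    """Fault injection: each device independently becomes stuck at G_OFF (assumption)."""
    return [[G_OFF if rng.random() < fraction else g for g in row] for row in G]

def crossbar_currents(V, G):
    """Ohm's law per device, Kirchhoff's current law per column: I_j = sum_i V_i * G_ij."""
    return [sum(V[i] * G[i][j] for i in range(len(V))) for j in range(len(G[0]))]

def crossbar_matvec(x, W, stuck_fraction=0.0, seed=0):
    """Compute W^T x on a simulated crossbar, optionally with stuck devices."""
    rng = random.Random(seed)
    G_pos, G_neg, k = weights_to_conductances(W)
    G_pos = stick_devices(G_pos, stuck_fraction, rng)
    G_neg = stick_devices(G_neg, stuck_fraction, rng)
    I_pos = crossbar_currents(x, G_pos)
    I_neg = crossbar_currents(x, G_neg)
    # Subtracting the two columns cancels the G_OFF offset; dividing by k
    # converts the current difference back to weight units.
    return [(p - n) / k for p, n in zip(I_pos, I_neg)]

if __name__ == "__main__":
    W = [[0.5, -1.0], [2.0, 0.25], [-0.75, 1.5]]  # constructed 3x2 weight matrix
    x = [1.0, 0.5, -2.0]                          # constructed input voltages
    for frac in (0.0, 0.2, 0.5):
        print(frac, crossbar_matvec(x, W, stuck_fraction=frac, seed=1))
```

Running the forward pass through `crossbar_matvec` with a nonzero `stuck_fraction` and a fresh seed on every training step is one way to expose a network to this fault during training.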