Leveraging Ferroelectric Stochasticity and In-Memory Computing for DNN IP Obfuscation

Likhitha Mankali, Nikhil Rangarajan, Swetaki Chatterjee, Shubham Kumar, Yogesh Singh Chauhan, Ozgur Sinanoglu, Hussam Amrouch

Research output: Contribution to journal › Article › peer-review

Abstract

With the emergence of the Internet of Things (IoT), deep neural networks (DNNs) are widely used in different domains, such as computer vision, healthcare, social media, and defense. The hardware-level architecture of a DNN can be built using an in-memory computing-based design, which is loaded with the weights of a well-trained DNN model. However, such hardware-based DNN systems are vulnerable to model stealing attacks where an attacker reverse-engineers (REs) and extracts the weights of the DNN model. In this work, we propose an energy-efficient defense technique that combines a ferroelectric field effect transistor (FeFET)-based reconfigurable physically unclonable function (PUF) with an in-memory FeFET XNOR to thwart model stealing attacks. We leverage the inherent stochasticity in the FE domains to build a PUF that helps to corrupt the neural network's (NN) weights when an adversarial attack is detected. We showcase the efficacy of the proposed defense scheme by performing experiments on graph-NNs (GNNs), a particular type of DNN. The proposed defense scheme is a first of its kind that evaluates the security of GNNs. We investigate the effect of corrupting the weights on different layers of the GNN on the accuracy degradation of the graph classification application for two specific error models of corrupting the FeFET-based PUFs and five different bioinformatics datasets. We demonstrate that our approach successfully degrades the inference accuracy of the graph classification by corrupting any layer of the GNN after a small rewrite pulse.

Original language: English (US)
Pages (from-to): 102-110
Number of pages: 9
Journal: IEEE Journal on Exploratory Solid-State Computational Devices and Circuits
Volume: 8
Issue number: 2
State: Published - Dec 1 2022

Keywords

  • Deep neural networks (DNNs)
  • ferroelectric field effect transistor (FeFET)
  • graph neural networks (GNNs)
  • hardware security
  • model stealing attacks

ASJC Scopus subject areas

  • Electronic, Optical and Magnetic Materials
  • Hardware and Architecture
  • Electrical and Electronic Engineering
