SCANet: Securing the Weights With Superparamagnetic-MTJ Crossbar Array Networks

Dinesh Rajasekharan, Nikhil Rangarajan, Satwik Patnaik, Ozgur Sinanoglu, Yogesh Singh Chauhan

Research output: Contribution to journalArticlepeer-review

Abstract

Deep neural networks (DNNs) form a critical infrastructure supporting various systems, spanning from the iPhone neural engine to imaging satellites and drones. The design of these neural cores is often proprietary or a military secret. Nevertheless, they remain vulnerable to model replication attacks that seek to reverse engineer the network's synaptic weights. In this article, we propose SCANet (Superparamagnetic-MTJ Crossbar Array Networks), a novel defense mechanism against such model stealing attacks by utilizing the innate stochasticity in superparamagnets. When used as the synapse in DNNs, superparamagnetic magnetic tunnel junctions (s-MTJs) are shown to be significantly more secure than prior memristor-based solutions. The thermally induced telegraphic switching in the s-MTJs is robust and uncontrollable, thus thwarting the attackers from obtaining sensitive data from the network. Using a mixture of both superparamagnetic and conventional MTJs in the neural network (NN), the designer can optimize the time period between the weight updation and the power consumed by the system. Furthermore, we propose a modified NN architecture that can prevent replication attacks while minimizing power consumption. We investigate the effect of the number of layers in the deep network and the number of neurons in each layer on the sharpness of accuracy degradation when the network is under attack. We also explore the efficacy of SCANet in real-time scenarios, using a case study on object detection.

Original languageEnglish (US)
JournalIEEE transactions on neural networks and learning systems
DOIs
StateAccepted/In press - 2021

Keywords

  • Artificial neural networks
  • Deep neural network (DNN)
  • hardware security
  • Magnetic domains
  • Magnetic separation
  • Magnetic switching
  • magnetic tunnel junction (MTJ)
  • Magnetic tunneling
  • model replication attack
  • Perpendicular magnetic anisotropy
  • Saturation magnetization
  • superparamagnets.

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Computer Networks and Communications
  • Artificial Intelligence

Fingerprint

Dive into the research topics of 'SCANet: Securing the Weights With Superparamagnetic-MTJ Crossbar Array Networks'. Together they form a unique fingerprint.

Cite this