
Mitigating Slow-to-Write Errors in Memristor-Mapped Graph Neural Networks Induced by Adversarial Attacks

Bibliographic Details
Published in: IEEE transactions on computer-aided design of integrated circuits and systems 2024-08, Vol.43 (8), p.2411-2425
Main Authors: Chen, Ching-Yuan; Joardar, Biresh Kumar; Doppa, Janardhan Rao; Pande, Partha Pratim; Chakrabarty, Krishnendu
Format: Article
Language: English
Description
Summary: Graph neural networks (GNNs) are becoming popular in various real-world applications. However, hardware-level security is a concern when GNN models are mapped to emerging neuromorphic computing architectures, such as memristor-based crossbars. We identify a vulnerability of memristor-mapped GNNs and propose an attack mechanism based on the identified vulnerability. The proposed attack tampers with the memristor-mapped graph-structured data of a GNN by injecting adversarial edges into the graph and inducing slow-to-write errors in crossbars. We present a defense mechanism based on the write-verify (WV) scheme. We analyze the effectiveness of the WV-based defense and provide theoretical security guarantees. This analysis also provides guidance for selecting appropriate design parameters for the WV scheme to ensure its effectiveness in countering slow-to-write errors induced by attacks. Experimental results for the proposed attack show that there is a $5.72\times$ increase in the success rate compared to a software-based baseline. We also demonstrate the efficacy of the WV-based defense in mitigating all slow-to-write errors induced by the proposed attack.
ISSN: 0278-0070, 1937-4151
DOI: 10.1109/TCAD.2024.3372444