Our Vision

We envision a machine learning landscape where reliability and robustness are not an afterthought but a foundational pillar, enabling dependable execution even in the presence of the various threats found in real-world environments. Hardware faults such as soft errors can suddenly corrupt the results of machine learning models. Malicious attackers can add adversarial perturbations to the input to change the inference result. Even in the absence of faults and adversarial attacks, a machine learning model can encounter out-of-distribution (OOD) inputs it was never trained on and cannot handle correctly. Our goal is to empower reliable and robust machine learning models with holistic countermeasures against soft errors, adversarial inputs, and OOD inputs.


Introduction

Challenge:

With the surge of deep neural networks (DNNs), machine learning plays a key role in most modern computing, including safety-critical applications such as autonomous driving. In such applications, the malfunction of a machine learning model can have catastrophic consequences. In real-world environments, threats such as soft errors, adversarial attacks, and out-of-distribution (OOD) inputs can all induce such malfunctions. This research aims to detect these threats and, further, to differentiate and handle the detected threats.

Reliability Enhancement for Machine Learning Against Soft Errors

Neural networks have been known to be inherently robust against faults due to their distributed structure and intrinsic redundancy. Still, a recent study [1] found that neural networks without protection cannot satisfy the strict reliability standards of safety-critical systems. Various studies have proposed soft error mitigation solutions based on fault detection algorithms, on training an additional small network to mitigate the fault, or on detecting abnormal activation values. Among such solutions, algorithm-based fault tolerance (ABFT) for neural networks provides higher fault detection capability. Our research extends previous detection-only ABFT to both detect and correct the fault, with an error correction algorithm based on the Hamming distance and software-level checkpointing for deep neural networks.

The proposed algorithm-based fault tolerance (ABFT) for a fully-connected layer.
The proposed algorithm-based fault tolerance (ABFT) for a convolution layer.
Checkpointing of the proposed ABFT
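As an added illustration of the detect-and-correct idea (this is the classic row/column checksum ABFT for a matrix product, not the group's own Hamming-distance algorithm), the example below computes a fully-connected layer Y = W·X together with checksums derived from the inputs, so a soft error that corrupts one output element is detected, located at the intersection of the disagreeing row and column, and restored; anything more than a single consistent disagreement is reported as uncorrectable, which is where re-execution from a checkpoint would take over. Integer arithmetic is used so the equality checks are exact; a floating-point implementation needs a tolerance instead.

```python
# Classic checksum ABFT for a fully-connected layer Y = W @ X (pure Python, integer weights).
# Assumption: a single soft error flips bits in one element of Y after it is computed.

def matmul(A, B):
    n, k, m = len(A), len(B), len(B[0])
    return [[sum(A[i][t] * B[t][j] for t in range(k)) for j in range(m)] for i in range(n)]

def fc_layer_abft(W, X):
    """Return (Y, col_check, row_check). Both checksums are computed from the
    inputs only, so they do not depend on the (possibly faulty) output Y."""
    k = len(X)
    w_sum = [sum(W[i][t] for i in range(len(W))) for t in range(k)]   # e^T W  (1 x k)
    x_sum = [sum(row) for row in X]                                    # X e    (k x 1)
    Y = matmul(W, X)
    col_check = [sum(w_sum[t] * X[t][j] for t in range(k)) for j in range(len(X[0]))]
    row_check = [sum(W[i][t] * x_sum[t] for t in range(k)) for i in range(len(W))]
    return Y, col_check, row_check

def inject_bit_flip(Y, i, j, bit):
    """Simulate a soft error: flip one bit of one output element (constructed fault)."""
    faulty = [row[:] for row in Y]
    faulty[i][j] ^= 1 << bit
    return faulty

def detect_and_correct(Y, col_check, row_check):
    """Compare Y against the checksums.
    Returns ("clean" | "corrected" | "uncorrectable", Y', location)."""
    rows, cols = len(Y), len(Y[0])
    row_delta = {i: row_check[i] - sum(Y[i]) for i in range(rows)
                 if sum(Y[i]) != row_check[i]}
    col_delta = {j: col_check[j] - sum(Y[i][j] for i in range(rows)) for j in range(cols)
                 if sum(Y[i][j] for i in range(rows)) != col_check[j]}
    if not row_delta and not col_delta:
        return "clean", Y, None
    # Exactly one bad row and one bad column with the same discrepancy: a single
    # corrupted element at their intersection, correctable by adding the delta back.
    if len(row_delta) == 1 and len(col_delta) == 1:
        (i, dr), = row_delta.items()
        (j, dc), = col_delta.items()
        if dr == dc:
            fixed = [row[:] for row in Y]
            fixed[i][j] += dr
            return "corrected", fixed, (i, j)
    # Multiple or inconsistent disagreements (e.g. the checksum itself was hit):
    # report, so the caller re-executes from the last checkpoint instead of guessing.
    return "uncorrectable", Y, (sorted(row_delta), sorted(col_delta))
```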

Detecting, Differentiating, and Mitigating Different Types of Threats

Since it is almost impossible to guarantee the correctness of a machine learning model in the presence of threats such as soft errors, adversarial attacks, and out-of-distribution (OOD) inputs, it is essential to detect such threats. The straightforward response after detecting a threat is to reject the affected inference and thereby avoid the malfunction. A more advanced approach applies a tailored countermeasure to each threat, but choosing the proper countermeasure requires correctly differentiating between the threats. For example, re-executing the inference resolves the effect of a soft error, while re-execution cannot handle adversarial attacks or OOD inputs. Our research topics include holistic detection and differentiation solutions against soft errors, adversarial attacks, and OOD inputs, as well as mitigation solutions for each threat.

The softmax score distribution of in-distribution (ID) and OOD inputs with and without faults. The abnormality of the softmax scores with faults enables differentiation between ID, OOD, and faulty inference.
The mitigation solution for adversarial attacks, which detects adversarial samples from the feature information, reconstructs the attacked image with a reverse attack, and re-classifies the reconstructed image with an additional network trained on reverse-attacked samples.

[1] He, Y., Balaprakash, P., & Li, Y. (2020, October). FIdelity: Efficient resilience analysis framework for deep learning accelerators. In 2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO) (pp. 270-281). IEEE.