Presentation
Older and Wise: The Marriage of Device Aging and Intellectual Property Protection of DNNs
DescriptionDeep Neural Networks (DNNs), such as the widely-used ChatGPT model containing billions of parameters, are often kept secret due to the high training costs and privacy concerns surrounding the data used to train them.
Previous approaches to securing DNNs typically require expensive circuit redesign, resulting in additional overheads such as increased area, energy consumption, and latency. To address these issues, we propose a novel hardware-software co-design for DNN protection that leverages the inherent aging characteristics of circuits to provide effect protection.
Hardware-side, we employ random aging to produce authorized chips. This process circumvents the need for chip redesign, thereby eliminating any additional energy and area overhead. Moreover, the authorized chips demonstrate a considerable disparity in DNN inference performance when compared to unauthorized third-party chips. Software-side, we propose a novel Differential Orientation Fine-tuning method, which allows pre-trained DNNs to maintain its original accuracy on authorized chips with minimal fine-tuning, while the model's performance on unauthorized chips is reduced to random guessing. Comprehensive experiments on MLP, VGG, ResNet, Mixer and SwinTransformer validate the efficacy of our method.
Previous approaches to securing DNNs typically require expensive circuit redesign, resulting in additional overheads such as increased area, energy consumption, and latency. To address these issues, we propose a novel hardware-software co-design for DNN protection that leverages the inherent aging characteristics of circuits to provide effect protection.
Hardware-side, we employ random aging to produce authorized chips. This process circumvents the need for chip redesign, thereby eliminating any additional energy and area overhead. Moreover, the authorized chips demonstrate a considerable disparity in DNN inference performance when compared to unauthorized third-party chips. Software-side, we propose a novel Differential Orientation Fine-tuning method, which allows pre-trained DNNs to maintain its original accuracy on authorized chips with minimal fine-tuning, while the model's performance on unauthorized chips is reduced to random guessing. Comprehensive experiments on MLP, VGG, ResNet, Mixer and SwinTransformer validate the efficacy of our method.
Event Type
Research Manuscript
TimeWednesday, June 263:45pm - 4:00pm PDT
Location3002, 3rd Floor
AI
Security
AI/ML Security/Privacy