Presentation
Non-Negative AdderNet (NNAN): Can We Make DNNs More Secure and Efficient Without Multiplication?
DescriptionIn the vision domain, AdderNet emerges as a hardware-efficient alternative to traditional Convolutional Neural Networks (CNNs) by replacing multiplications with additions. However, the security aspect of AdderNet remains under-explored. To this end, we consider a pivotal question: Does AdderNet compromise model security to hardware efficiency. In this paper, we extend the investigation on the AdderNet vulnerabilities to adversarial weight perturbation attack, e.g., Bit-Flip Attack (BFA) for the first time, and empirically demonstrate that AdderNet is indeed more susceptible against BFA. To preserve both the hardware efficiency of AdderNet and defend against BFA, we propose a novel Secure Non-Negative AdderNet (NNAN) model incorporating a lightweight non-positive weight encoding technique. NNAN enables lightweight, real-time detection and correction by securing (a) the Most Significant Bits (MSBs) of all weights and (b) second MSBs in the non-positive encoded weights. To test the resilience of our proposed defense further, we perform an advanced BFA (BFA+) where the attacker has sufficient knowledge about the proposed encoding scheme. Our results indicate that NNAN defends BFA successfully and requires a higher number of attack cycles to be compromised against BFA+, which concludes robustness can be achieved through additive architectures w/o multiplication.
Event Type
Networking
Work-in-Progress Poster
TimeMonday, June 236:00pm - 7:00pm PDT
LocationLevel 2 Lobby