Abstract
The rapid advancement of modern deep neural networks (DNNs) has played a crucial role in aiding humans across many real-world applications; yet their hardware accelerators have been shown to be vulnerable to malicious attacks. One particularly severe attack involves inserting a hardware Trojan (HT) into DNN accelerator hardware during the supply chain, enabling attackers to stealthily manipulate model predictions. In this paper, we present a possible stealthy HT architecture that is difficult to detect and has a significant impact on the performance of DNN models. To achieve this goal, we introduce the Sensitivity-Based Weight Selection (SBWS) algorithm, a novel technique that adapts machine learning (ML) sensitivity analysis to identify and modify a small number of weights that have the highest impact on DNN performance, compared to previous work. We evaluate the proposed attack on five DNN model tests (two distinct DNN models and four different datasets) using two designed payload types (weight zeroing and sign-flipping) and record the results based on various security metrics. The experimental results show average accuracy reductions of 26.7% for the zeroing attack and 48.1% for the sign-flipping attack, yielding an overall average of 37.4%, calculated over five independent runs per dataset with standard deviation <2%. The sign-flipping technique consistently outperforms zeroing because it preserves the magnitudes of the attacked weights while inverting their signs, thereby disrupting the learned decision boundaries more severely and amplifying error propagation in subsequent layers. These results significantly exceed those of previous random-weight perturbation attacks (typically 12–20% drops) and other targeted HT approaches while incurring lower computational and hardware resource overheads.
This work provides a more effective and scalable method for assessing the vulnerability of DNN accelerators under real supply chain threat models.