Reliable Hardware Watermarks for Deep Learning Systems

Published: 2024, Last Modified: 15 Jan 2026. IEEE Trans. Very Large Scale Integr. Syst. 2024. License: CC BY-SA 4.0
Abstract: Recent successes in deep learning have indicated that hardware technologies will play a prominent role in future deep learning industries and applications. In light of their value, researchers have recognized that deep neural networks (DNNs) and other deep learning intellectual properties (IPs) can be easily pirated, especially in undefended settings. While multiple avenues of defending deep learning systems have been identified, watermarks are particularly valuable as they allow IP theft to be identified and remedied when it occurs. However, such defenses have yet to be considered for defending the hardware platforms running the deep learning systems. This article presents the first framework for applying watermarks toward defending deep-learning hardware accelerators from piracy, called DeepHardMark. The proposed methodology embeds modifications into the functional blocks of deep-learning hardware accelerators to act as a watermark signature. These modifications produce targeted alterations to the execution of key DNNs on corresponding key samples, which identifies the hardware. We optimize this methodology to simultaneously minimize the impact of the watermark embedding on both the hardware and algorithmic components of the deep learning system, making the watermark unobtrusive and challenging to detect. Our experimental evaluations demonstrate the feasibility of embedding the proposed modifications into typical hardware designs and in various deep-learning scenarios.