Deep neural networks (DNNs) have become one of the enabling technologies in many safety-critical applications, e.g., autonomous driving and medical image analysis. DNN systems, however, suffer from various kinds of threats, such as adversarial example attacks and fault injection attacks. While there are many defense methods proposed against maliciously crafted inputs, solutions against faults presented in the DNN system itself (e.g., parameters and calculations) are far less explored. In this paper, we develop a novel lightweight fault-tolerant solution for DNN-based systems, namely DeepDyve, which employs pre-trained neural networks that are far simpler and smaller than the original DNN for dynamic verification. The key to enabling such lightweight checking is that the smaller neural network only needs to produce approximate results for the initial task without sacrificing fault coverage much. We develop efficient and effective architecture and task exploration techniques to achieve optimized risk/overhead trade-off in DeepDyve. Experimental results show that DeepDyve can reduce 90% of the risks at around 10% overhead.

中文翻译：

---

DeepDyve：深度神经网络的动态验证

深度神经网络 (DNN) 已成为许多安全关键应用（例如自动驾驶和医学图像分析）中的支持技术之一。然而，DNN 系统受到各种威胁，例如对抗性示例攻击和故障注入攻击。虽然针对恶意制作的输入提出了许多防御方法，但针对 DNN 系统本身中出现的故障（例如，参数和计算）的解决方案却很少被探索。在本文中，我们为基于 DNN 的系统开发了一种新颖的轻量级容错解决方案，即 DeepDyve，它采用比原始 DNN 更简单、更小的预训练神经网络进行动态验证。启用这种轻量级检查的关键是较小的神经网络只需要为初始任务生成近似结果，而不会过多地牺牲故障覆盖率。我们开发高效的架构和任务探索技术，以在 DeepDyve 中实现优化的风险/开销权衡。实验结果表明，DeepDyve 可以以 10% 左右的开销降低 90% 的风险。