HASI: Hardware-Accelerated Stochastic Inference, A Defense Against Adversarial Machine Learning Attacks
arXiv - CS - Hardware Architecture Pub Date : 2021-06-09 , DOI: arxiv-2106.05825
Mohammad Hossein Samavatian, Saikat Majumdar, Kristin Barber, Radu Teodorescu

DNNs are known to be vulnerable to so-called adversarial attacks, in which inputs are carefully manipulated to induce misclassification. Existing defenses are mostly software-based and come with high overheads or other limitations. This paper presents HASI, a hardware-accelerated defense that uses a process we call stochastic inference to detect adversarial inputs. HASI carefully injects noise into the model at inference time and uses the model's response to differentiate adversarial inputs from benign ones. We show an average adversarial detection rate of 87%, which exceeds the detection rate of state-of-the-art approaches, with a much lower overhead. We demonstrate a software/hardware-accelerated co-design, which reduces the performance impact of stochastic inference to 1.58X-2X relative to the unprotected baseline, compared to 14X-20X overhead for a software-only GPU implementation.
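The detection idea in the abstract (inject noise at inference time, then judge the input by how the model's output responds) can be sketched as follows. This is an added illustration, not HASI's algorithm or the authors' code: the toy weights, the Gaussian noise on hidden activations, the label-flip statistic, the threshold, and the use of a near-boundary point as a stand-in for an adversarial input are all assumptions.

```python
import math
import random

# Constructed toy model (assumption): 2 inputs -> 3 ReLU hidden units -> 2 classes.
W1 = [[1.0, -1.0], [-1.0, 1.0], [0.5, 0.5]]
W2 = [[1.0, 0.0, 0.2], [0.0, 1.0, 0.2]]

def forward(x, sigma=0.0, rng=None):
    """Return class probabilities; sigma > 0 adds Gaussian noise to hidden activations."""
    hidden = []
    for row in W1:
        a = max(0.0, sum(w * v for w, v in zip(row, x)))
        if sigma > 0.0:
            a += rng.gauss(0.0, sigma)  # noise injected inside the model, not on the input
        hidden.append(a)
    logits = [sum(w * h for w, h in zip(row, hidden)) for row in W2]
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]

def instability(x, runs=200, sigma=0.5, seed=0):
    """Fraction of noisy runs whose predicted label differs from the noise-free label."""
    rng = random.Random(seed)  # fixed seed so the result is reproducible
    clean = forward(x)
    clean_label = clean.index(max(clean))
    flips = 0
    for _ in range(runs):
        noisy = forward(x, sigma, rng)
        if noisy.index(max(noisy)) != clean_label:
            flips += 1
    return flips / runs

def is_suspicious(x, threshold=0.2):
    """Flag an input whose prediction is unstable under injected noise (assumed threshold)."""
    return instability(x) > threshold

# Constructed sample inputs (not from the paper).
BENIGN = [3.0, 0.0]            # large margin: prediction survives the noise
NEAR_BOUNDARY = [1.05, 0.95]   # small margin: stands in for a minimally perturbed input

if __name__ == "__main__":
    for name, x in (("benign", BENIGN), ("near-boundary", NEAR_BOUNDARY)):
        print(name, instability(x), is_suspicious(x))
```

Each noisy run is a full extra forward pass, which is the cost the abstract's hardware co-design is aimed at reducing.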

Updated: 2021-06-11