DeepShuffle: A Lightweight Defense Framework against Adversarial Fault Injection Attacks on Deep Neural Networks in Multi-Tenant Cloud-FPGA

Yukui Luo, Adnan Siraj Rakin, Deliang Fan, Xiaolin Xu

IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 5

This talk introduces **DeepShuffle**, a novel and lightweight defense framework designed to protect **Deep Neural Networks (DNNs)** from **adversarial fault injection attacks** within **multi-tenant cloud-FPGA** environments. Presented by Yukui Luo and his co-authors, the research addresses a critical security vulnerability emerging with the increasing adoption of Field-Programmable Gate Array (FPGA) virtualization in cloud computing. While CPU and GPU virtualization are well-established, FPGA virtualization is a nascent field, presenting unique attack surfaces due to shared hardware resources like power distribution networks.

AI review

This research presents DeepShuffle, a lightweight, moving target defense against adversarial fault injection attacks targeting DNNs on multi-tenant cloud-FPGAs. By dynamically shuffling weight transmission order, it significantly increases attacker effort and preserves model accuracy without requiring costly retraining. This is a crucial, actionable defense for an emerging threat landscape.
