TY - JOUR
T1 - Improving the accuracy and robustness of RRAM-based in-memory computing against RRAM hardware noise and adversarial attacks
AU - Kiran Cherupally, Sai
AU - Meng, Jian
AU - Siraj Rakin, Adnan
AU - Yin, Shihui
AU - Yeo, Injune
AU - Yu, Shimeng
AU - Fan, Deliang
AU - Seo, Jae Sun
N1 - Publisher Copyright:
© 2022 IOP Publishing Ltd.
PY - 2022/3
Y1 - 2022/3
N2 - We present a novel deep neural network (DNN) training scheme and resistive RAM (RRAM) in-memory computing (IMC) hardware evaluation towards achieving high accuracy against RRAM device/array variations and enhanced robustness against adversarial input attacks. We present improved IMC inference accuracy results evaluated on state-of-the-art DNNs including ResNet-18, AlexNet, and VGG with binary, 2-bit, and 4-bit activation/weight precision for the CIFAR-10 dataset. These DNNs are evaluated with measured noise data obtained from three different RRAM-based IMC prototype chips. Across these various DNNs and IMC chip measurements, we show that our proposed hardware noise-aware DNN training consistently improves DNN inference accuracy for actual IMC hardware, up to 8% accuracy improvement for the CIFAR-10 dataset. We also analyze the impact of our proposed noise injection scheme on the adversarial robustness of ResNet-18 DNNs with 1-bit, 2-bit, and 4-bit activation/weight precision. Our results show up to 6% improvement in the robustness to black-box adversarial input attacks.
AB - We present a novel deep neural network (DNN) training scheme and resistive RAM (RRAM) in-memory computing (IMC) hardware evaluation towards achieving high accuracy against RRAM device/array variations and enhanced robustness against adversarial input attacks. We present improved IMC inference accuracy results evaluated on state-of-the-art DNNs including ResNet-18, AlexNet, and VGG with binary, 2-bit, and 4-bit activation/weight precision for the CIFAR-10 dataset. These DNNs are evaluated with measured noise data obtained from three different RRAM-based IMC prototype chips. Across these various DNNs and IMC chip measurements, we show that our proposed hardware noise-aware DNN training consistently improves DNN inference accuracy for actual IMC hardware, up to 8% accuracy improvement for the CIFAR-10 dataset. We also analyze the impact of our proposed noise injection scheme on the adversarial robustness of ResNet-18 DNNs with 1-bit, 2-bit, and 4-bit activation/weight precision. Our results show up to 6% improvement in the robustness to black-box adversarial input attacks.
KW - Adversarial defense with RRAM noise
KW - IMC noise-aware training
KW - RRAM-friendly DNNs
UR - http://www.scopus.com/inward/record.url?scp=85123870212&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85123870212&partnerID=8YFLogxK
U2 - 10.1088/1361-6641/ac461f
DO - 10.1088/1361-6641/ac461f
M3 - Article
AN - SCOPUS:85123870212
SN - 0268-1242
VL - 37
JO - Semiconductor Science and Technology
JF - Semiconductor Science and Technology
IS - 3
M1 - 034001
ER -