Approximate computing remains vulnerable to attacks; Mizzou Engineers to present findings at IEEE DATE conference

December 01, 2021


Khaza Anuarul Hoque

Companies relying on faster, less precise computing to gain energy efficiency still need to be cautious against cyberattacks despite a recent study that indicated otherwise, Mizzou Engineers have found.

At the heart of the research is approximate computing, which is known for its effectiveness in improving the energy efficiency of deep neural network (DNN) accelerators at the cost of a slight accuracy loss.

“One issue in machine learning is that the ML hardware is very power-hungry,” said Khaza Anuarul Hoque, an assistant professor of electrical engineering and computer science and director of the Dependable Cyber-Physical Systems (DCPS) Laboratory. “Using approximate components will help you significantly reduce energy consumption and does not impact accuracy as much as expected, so the error is tolerable.”

However, one concern with using approximate components is their susceptibility to attacks. These so-called adversarial attacks are intelligently designed by an attacker to slightly modify input images by adding a small amount of perturbation that’s hard for human eyes to detect. As a result, these altered images can easily fool a machine learning algorithm.

At one of the top computer architecture conferences earlier this year, a research team proposed a new approximation component claiming that it not only provides energy efficiency to the ML hardware but also provides defense against adversarial attacks.

Hoque was skeptical. He and Ayesha Siddique, a Ph.D. student in electrical and computer engineering, tested the proposed defense technique by evaluating nine approximate multipliers against 10 different types of attacks on images found in two commonly used datasets. While the defense strategy worked in some cases, there were many cases where it failed miserably, Siddique said.


“We did a lot of experiments and what we found is their claim is true only in some cases, but it is not a universal solution,” Hoque said. “Even though their paper published at that top conference is a good start and has the potential to open a new research direction, we’ve written a paper in response saying ‘Stop. What they’re claiming is not a universal solution and can be potentially dangerous, and we have the proof.’”

Approximate computing is still a good solution to gain energy efficiency, he said, but he warned that users must be careful because these systems are still susceptible to attacks.

“What we’re saying is don’t blindly accept that approximation will give you defense,” he said.

Hoque and Siddique will present their findings at the Design, Automation and Test in Europe (DATE) conference in March. DATE, under the umbrella of the Institute of Electrical and Electronics Engineers (IEEE), is one of the most prestigious conferences in the area of hardware and electronic design automation.

Hoque’s team is now further studying approximate computing to try to design a better defense mechanism.

“We found the loopholes, so the next step is to fill in that loophole and come up with something that stands up against all different types of adversarial attacks and different strengths of those attacks,” Hoque said. “Approximate computing systems need to be further studied for real-world applications to provide a cyber defense.”