HarDNN: Feature Map Vulnerability Evaluation in CNNs

Mahmoud, Abdulrahman; Hari, Siva Kumar Sastry; Fletcher, Christopher W.; Adve, Sarita V.; Sakr, Charbel; Shanbhag, Naresh R.; Molchanov, Pavlo; Sullivan, Michael B.; Tsai, Timothy; Keckler, Stephen W.

doi:10.48550/arxiv.2002.09786

Cited by 10 publications

(14 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, performing FIs to obtain a comprehensive training set is prohibitively expensive for large DNNs (such large DNNs are not studied in [15]). Mahmoud et.al [16] use statistical fault injection to identify vulnerable regions in DNNs, and selectively duplicate the vulnerable computations for protection. However, their approach incurs high computational overheads (due to the use of duplication), and also provides only limited protection coverage.…”

Section: Related Workmentioning

confidence: 99%

“…Duplicating hardware components adds to the total cost of the system, and requires synchronization and voting. DNN-specific techniques have been proposed to enhance the error resilience of DNNs [12], [15], [16]. However, they either suffer from significant false positives (e.g., raise an alarm when there is no fault present), or require significant implementation effort (Section VI).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Low-cost Fault Corrector for Deep Neural Networks through Range Restriction

Chen¹,

Li²,

Pattabiraman³

2020

Preprint

View full text Add to dashboard Cite

With the emerging adoption of deep neural networks (DNNs) in the HPC domain, the reliability of DNNs is also growing in importance. As prior studies demonstrate the vulnerability of DNNs to hardware transient faults (i.e., soft errors), there is a compelling need for an efficient technique to protect DNNs from soft errors. While the inherent resilience of DNNs can tolerate some transient faults (which would not affect the system's output), prior work has found there are critical faults that cause safety violations (e.g., misclassification). In this work, we exploit the inherent resilience of DNNs to protect the DNNs from critical faults. In particular, we propose Ranger, an automated technique to selectively restrict the ranges of values in particular DNN layers, which can dampen the large deviations typically caused by critical faults to smaller ones. Such reduced deviations can usually be tolerated by the inherent resilience of DNNs. Ranger can be integrated into existing DNNs without retraining, and with minimal effort. Our evaluation on 8 DNNs (including two used in self-driving car applications) demonstrates that Ranger can achieve significant resilience boosting without degrading the accuracy of the model, and incurring negligible overheads.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Low-cost Fault Corrector for Deep Neural Networks through Range Restriction

Chen¹,

Li²,

Pattabiraman³

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…To mitigate their negative impact, several techniques have been proposed [51], [53]- [57]. Some of these techniques only cover limited faults [55] and/or incur significant overheads [53] [56]. For instance, techniques in [53] employ a separate network to detect the anomaly in the output.…”

Section: A Reliability Threats and Mitigation Techniquesmentioning

confidence: 99%

Towards Energy-Efficient and Secure Edge AI: A Cross-Layer Framework

Shafique,

Marchisio,

Putra

et al. 2021

Preprint

View full text Add to dashboard Cite

The security and privacy concerns along with the amount of data that is required to be processed on regular basis has pushed processing to the edge of the computing systems. Deploying advanced Neural Networks (NN), such as deep neural networks (DNNs) and spiking neural networks (SNNs), that offer state-of-the-art results on resourceconstrained edge devices is challenging due to the stringent memory and power/energy constraints. Moreover, these systems are required to maintain correct functionality under diverse security and reliability threats. This paper first discusses existing approaches to address energy efficiency, reliability, and security issues at different system layers, i.e., hardware (HW) and software (SW). Afterward, we discuss how to further improve the performance (latency) and the energy efficiency of Edge AI systems through HW/SW-level optimizations, such as pruning, quantization, and approximation. To address reliability threats (like permanent and transient faults), we highlight cost-effective mitigation techniques, like fault-aware training and mapping. Moreover, we briefly discuss effective detection and protection techniques to address security threats (like model and data corruption). Towards the end, we discuss how these techniques can be combined in an integrated cross-layer framework for realizing robust and energy-efficient Edge AI systems.

show abstract

“…Recent works have illustrated the potentially-catastrophic effects of soft errors on NNs through fault injection tools [27,28,52,58] and neutron beam experiments [35]. This has spurred many approaches for fault tolerance in NNs, such as leveraging the "inherent robustness" of NNs [66,77,85], training NNs to tolerate faults [49], anomalous activation suppression [26,67], selective feature hardening [59], and learning to detect faults [56,70,72]. Our focus in this work is on leveraging ABFT to detect errors in NN inference.…”

Section: Related Workmentioning

confidence: 99%

Arithmetic-Intensity-Guided Fault Tolerance for Neural Network Inference on GPUs

Kosaian,

Rashmi

2021

Preprint

View full text Add to dashboard Cite

Neural networks (NNs) are increasingly employed in domains that require high reliability, such as scientific computing and safetycritical systems, as well as in environments more prone to unreliability (e.g., soft errors), such as on spacecraft. As recent work has shown that faults in NN inference can lead to mispredictions and safety hazards, it is critical to impart fault tolerance to NN inference. Algorithm-based fault tolerance (ABFT) is emerging as an appealing approach for efficient fault tolerance in NNs.In this work, we identify new, unexploited opportunities for low-overhead ABFT for NN inference: current inference-optimized GPUs have high compute-to-memory-bandwidth ratios, while many layers of current and emerging NNs have low arithmetic intensity. This leaves many convolutional and fully-connected layers in NNs memory-bandwidth-bound. These layers thus exhibit stalls in computation that could be filled by redundant execution, but that current approaches to ABFT for NN inference cannot exploit.To reduce execution-time overhead for such memory-bandwidthbound layers, we first investigate thread-level ABFT schemes for inference-optimized GPUs that exploit this fine-grained compute underutilization. We then propose intensity-guided ABFT, an adaptive, arithmetic-intensity-guided approach to ABFT that selects the best ABFT scheme for each individual layer between traditional approaches to ABFT, which are suitable for compute-bound layers, and thread-level ABFT, which is suitable for memory-bandwidthbound layers. Through this adaptive approach, intensity-guided ABFT reduces execution-time overhead by 1.09-5.3× across a variety of NNs, lowering the cost of fault tolerance for current and future NN inference workloads.

show abstract

HarDNN: Feature Map Vulnerability Evaluation in CNNs

Cited by 10 publications

References 17 publications

A Low-cost Fault Corrector for Deep Neural Networks through Range Restriction

A Low-cost Fault Corrector for Deep Neural Networks through Range Restriction

Towards Energy-Efficient and Secure Edge AI: A Cross-Layer Framework

Arithmetic-Intensity-Guided Fault Tolerance for Neural Network Inference on GPUs

Contact Info

Product

Resources

About