Security Threat to the Robustness of RRAM-based Neuromorphic Computing System

The RRAM-based neuromorphic computing system (NCS) has amassed explosive interest due to its superior data processing capability and energy efficiency compared with traditional architectures, and thus being widely adopted even in many safety-sensitive applications. The robustness of the RRAM-based NCS, therefore, becomes an essential concern. In this paper, we present the insight that the inherent variation in RRAM devices arises as a security threat to the robustness of RRAM-based neuromorphic computing systems. We present VADER and EFI, two hardware-aware attack methods, targeting different attack scenarios and objectives, to RRAM-based neuromorphic systems. VADER perturbs the input samples to mislead the prediction of neural networks. At the same time, EFI distorts the network parameter space to stealthily predict a specified sample to a designated and incorrect category. Both attack methods leverage the RRAM variation to improve the attack performance (i.e., efficiency, effectiveness, and stealthiness). Experimental results show that our hardware-aware attack methods can achieve almost 100% attack success rate with a meager attack cost while maintaining attack stealthiness.