{"id":"https://openalex.org/W3127436526","doi":"https://doi.org/10.1145/3394885.3431639","title":"Security of Neural Networks from Hardware Perspective","display_name":"Security of Neural Networks from Hardware Perspective","publication_year":2021,"publication_date":"2021-01-18","ids":{"openalex":"https://openalex.org/W3127436526","doi":"https://doi.org/10.1145/3394885.3431639","mag":"3127436526"},"language":"en","primary_location":{"id":"doi:10.1145/3394885.3431639","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3394885.3431639","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3394885.3431639","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th Asia and South Pacific Design Automation Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3394885.3431639","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015070751","display_name":"Qian Xu","orcid":"https://orcid.org/0000-0001-6143-9787"},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Qian Xu","raw_affiliation_strings":["University of Maryland, College Park, Maryland"],"affiliations":[{"raw_affiliation_string":"University of Maryland, College Park, Maryland","institution_ids":["https://openalex.org/I66946132"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077280198","display_name":"Md Tanvir Arafin","orcid":"https://orcid.org/0000-0002-5179-5216"},"institutions":[{"id":"https://openalex.org/I83909951","display_name":"Morgan State University","ror":"https://ror.org/017d8gk22","country_code":"US","type":"education","lineage":["https://openalex.org/I83909951"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Md Tanvir Arafin","raw_affiliation_strings":["Morgan State University, Baltimore, Maryland"],"affiliations":[{"raw_affiliation_string":"Morgan State University, Baltimore, Maryland","institution_ids":["https://openalex.org/I83909951"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012474783","display_name":"Gang Qu","orcid":"https://orcid.org/0000-0001-6759-8949"},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gang Qu","raw_affiliation_strings":["University of Maryland, College Park, Maryland"],"affiliations":[{"raw_affiliation_string":"University of Maryland, College Park, Maryland","institution_ids":["https://openalex.org/I66946132"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5015070751"],"corresponding_institution_ids":["https://openalex.org/I66946132"],"apc_list":null,"apc_paid":null,"fwci":3.2632,"has_fulltext":true,"cited_by_count":27,"citation_normalized_percentile":{"value":0.93111488,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"449","last_page":"454"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9932000041007996,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.7479384541511536},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7331383228302002},{"id":"https://openalex.org/keywords/hardware-security-module","display_name":"Hardware security module","score":0.6199619174003601},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5989570021629333},{"id":"https://openalex.org/keywords/trojan","display_name":"Trojan","score":0.5928419828414917},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.532071590423584},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.47309330105781555},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4376237690448761},{"id":"https://openalex.org/keywords/intellectual-property","display_name":"Intellectual property","score":0.42364501953125},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.42180347442626953},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.4130253195762634},{"id":"https://openalex.org/keywords/computer-architecture","display_name":"Computer architecture","score":0.39615964889526367},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.374423623085022},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.33240586519241333},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.33060330152511597},{"id":"https://openalex.org/keywords/computer-engineering","display_name":"Computer engineering","score":0.32708242535591125},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.13428157567977905}],"concepts":[{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.7479384541511536},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7331383228302002},{"id":"https://openalex.org/C39217717","wikidata":"https://www.wikidata.org/wiki/Q1432354","display_name":"Hardware security module","level":3,"score":0.6199619174003601},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5989570021629333},{"id":"https://openalex.org/C174333608","wikidata":"https://www.wikidata.org/wiki/Q19635","display_name":"Trojan","level":2,"score":0.5928419828414917},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.532071590423584},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.47309330105781555},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4376237690448761},{"id":"https://openalex.org/C34974158","wikidata":"https://www.wikidata.org/wiki/Q131257","display_name":"Intellectual property","level":2,"score":0.42364501953125},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.42180347442626953},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.4130253195762634},{"id":"https://openalex.org/C118524514","wikidata":"https://www.wikidata.org/wiki/Q173212","display_name":"Computer architecture","level":1,"score":0.39615964889526367},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.374423623085022},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33240586519241333},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.33060330152511597},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.32708242535591125},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.13428157567977905},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3394885.3431639","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3394885.3431639","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3394885.3431639","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th Asia and South Pacific Design Automation Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3394885.3431639","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3394885.3431639","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3394885.3431639","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th Asia and South Pacific Design Automation Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.4099999964237213,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3127436526.pdf","grobid_xml":"https://content.openalex.org/works/W3127436526.grobid-xml"},"referenced_works_count":64,"referenced_works":["https://openalex.org/W1493774699","https://openalex.org/W1534096439","https://openalex.org/W2625555681","https://openalex.org/W2754815949","https://openalex.org/W2771112233","https://openalex.org/W2773506996","https://openalex.org/W2785405530","https://openalex.org/W2789993878","https://openalex.org/W2807765471","https://openalex.org/W2807835252","https://openalex.org/W2808426733","https://openalex.org/W2809188712","https://openalex.org/W2809523935","https://openalex.org/W2891810898","https://openalex.org/W2893143132","https://openalex.org/W2899435347","https://openalex.org/W2903582334","https://openalex.org/W2906869444","https://openalex.org/W2921058674","https://openalex.org/W2943220429","https://openalex.org/W2944442501","https://openalex.org/W2946801000","https://openalex.org/W2962939738","https://openalex.org/W2963037989","https://openalex.org/W2963389226","https://openalex.org/W2963750162","https://openalex.org/W2964923388","https://openalex.org/W2965565691","https://openalex.org/W2971687264","https://openalex.org/W2973780393","https://openalex.org/W2974645258","https://openalex.org/W2981860227","https://openalex.org/W2984635881","https://openalex.org/W2986013765","https://openalex.org/W2987241895","https://openalex.org/W2990650295","https://openalex.org/W3008983606","https://openalex.org/W3026196565","https://openalex.org/W3033544024","https://openalex.org/W3046769567","https://openalex.org/W3046853140","https://openalex.org/W3049152512","https://openalex.org/W3080934051","https://openalex.org/W3082305010","https://openalex.org/W3083045783","https://openalex.org/W3091214985","https://openalex.org/W3092516112","https://openalex.org/W3092557510","https://openalex.org/W3095939721","https://openalex.org/W3102836279","https://openalex.org/W3102908045","https://openalex.org/W3104216513","https://openalex.org/W3107089345","https://openalex.org/W3110986688","https://openalex.org/W3111943226","https://openalex.org/W3118164462","https://openalex.org/W3161537920","https://openalex.org/W4205540825","https://openalex.org/W4230841294","https://openalex.org/W4236601256","https://openalex.org/W4288337628","https://openalex.org/W4289146347","https://openalex.org/W4299542054","https://openalex.org/W4315746341"],"related_works":["https://openalex.org/W3081831718","https://openalex.org/W4321062069","https://openalex.org/W3006530033","https://openalex.org/W2020774388","https://openalex.org/W2399542024","https://openalex.org/W2949421005","https://openalex.org/W1572026319","https://openalex.org/W25847796","https://openalex.org/W4205635821","https://openalex.org/W3127436526"],"abstract_inverted_index":{"Recent":[0],"advances":[1],"in":[2,9,38,43],"neural":[3,46],"networks":[4,47],"(NNs)":[5],"and":[6,22,36,76,90,144],"their":[7],"applications":[8],"deep":[10,45,120],"learning":[11,121,146],"techniques":[12],"have":[13],"made":[14],"the":[15,33,39,52,61,82,91,97,103,112,137],"security":[16,34],"aspects":[17],"of":[18,99,106,115,140],"NNs":[19],"an":[20],"important":[21],"timely":[23],"topic":[24,114],"for":[25,56,102,119,131],"fundamental":[26],"research.":[27],"In":[28],"this":[29],"paper,":[30],"we":[31,50,59,80,110,127],"survey":[32],"challenges":[35],"opportunities":[37,130],"computing":[40],"hardware":[41,53,71,132],"used":[42],"implementing":[44],"(DNN).":[48],"First,":[49],"explore":[51],"attack":[54],"surfaces":[55],"DNN.":[57],"Then,":[58],"report":[60],"current":[62],"state-of-the-art":[63],"hardware-based":[64],"attacks":[65,89],"on":[66,70,85,124],"DNN":[67],"with":[68],"focus":[69],"Trojan":[72],"insertion,":[73],"fault":[74],"injection,":[75],"side-channel":[77],"analysis.":[78],"Next,":[79],"discuss":[81],"recent":[83],"development":[84],"detecting":[86],"these":[87],"hardware-oriented":[88],"corresponding":[92],"countermeasures.":[93],"We":[94],"also":[95],"study":[96],"application":[98],"secure":[100,136],"enclaves":[101],"trusted":[104],"execution":[105],"NN-based":[107],"algorithms.":[108],"Finally,":[109],"consider":[111],"emerging":[113],"intellectual":[116],"property":[117],"protection":[118],"systems.":[122],"Based":[123],"our":[125],"study,":[126],"find":[128],"ample":[129],"based":[133],"research":[134],"to":[135],"next":[138],"generation":[139],"DNN-based":[141],"artificial":[142],"intelligence":[143],"machine":[145],"platforms.":[147]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":12},{"year":2021,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}