-
On the Road to Clarity: Exploring Explainable AI for World Models in a Driver Assistance System
Authors:
Mohamed Roshdi,
Julian Petzold,
Mostafa Wahby,
Hussein Ebrahim,
Mladen Berekovic,
Heiko Hamann
Abstract:
In Autonomous Driving (AD) transparency and safety are paramount, as mistakes are costly. However, neural networks used in AD systems are generally considered black boxes. As a countermeasure, we have methods of explainable AI (XAI), such as feature relevance estimation and dimensionality reduction. Coarse graining techniques can also help reduce dimensionality and find interpretable global patterns. A specific coarse graining method is Renormalization Groups from statistical physics. It has previously been applied to Restricted Boltzmann Machines (RBMs) to interpret unsupervised learning. We refine this technique by building a transparent backbone model for convolutional variational autoencoders (VAE) that allows mapping latent values to input features and has performance comparable to trained black box VAEs. Moreover, we propose a custom feature map visualization technique to analyze the internal convolutional layers in the VAE to explain internal causes of poor reconstruction that may lead to dangerous traffic scenarios in AD applications. In a second key contribution, we propose explanation and evaluation techniques for the internal dynamics and feature relevance of prediction networks. We test a long short-term memory (LSTM) network in the computer vision domain to evaluate the predictability and in future applications potentially safety of prediction models. We showcase our methods by analyzing a VAE-LSTM world model that predicts pedestrian perception in an urban traffic situation.
Submitted 26 April, 2024;
originally announced April 2024.
-
Reconfigurable Edge Hardware for Intelligent IDS: Systematic Approach
Authors:
Wadid Foudhaili,
Anouar Nechi,
Celine Thermann,
Mohammad Al Johmani,
Rainer Buchty,
Mladen Berekovic,
Saleh Mulhem
Abstract:
Intrusion detection systems (IDS) are crucial security measures nowadays to enforce network security. Their task is to detect anomalies in network communication and identify, if not thwart, possibly malicious behavior. Recently, machine learning has been deployed to construct intelligent IDS. This approach, however, is quite challenging particularly in distributed, highly dynamic, yet resource-constrained systems like Edge setups. In this paper, we tackle this issue from multiple angles by analyzing the concept of intelligent IDS (I-IDS) while addressing the specific requirements of Edge devices with a special focus on reconfigurability. Then, we introduce a systematic approach to constructing the I-IDS on reconfigurable Edge hardware. For this, we implemented our proposed IDS on state-of-the-art Field Programmable Gate Arrays (FPGAs) technology as (1) a purely FPGA-based dataflow processor (DFP) and (2) a co-designed approach featuring RISC-V soft-core as FPGA-based soft-core processor (SCP). We complete our paper with a comparison of the state of the art (SoA) in this domain. The results show that DFP and SCP are both suitable for Edge applications from hardware resource and energy efficiency perspectives. Our proposed DFP solution clearly outperforms the SoA and demonstrates that required high performance can be achieved without prohibitively high hardware costs. This makes our proposed DFP suitable for Edge-based high-speed applications like modern communication technology.
Submitted 13 April, 2024;
originally announced April 2024.
-
SystemC Model of Power Side-Channel Attacks Against AI Accelerators: Superstition or not?
Authors:
Andrija Nešković,
Saleh Mulhem,
Alexander Treff,
Rainer Buchty,
Thomas Eisenbarth,
Mladen Berekovic
Abstract:
As training artificial intelligence (AI) models is a lengthy and hence costly process, leakage of such a model's internal parameters is highly undesirable. In the case of AI accelerators, side-channel information leakage opens up the threat scenario of extracting the internal secrets of pre-trained models. Therefore, sufficiently elaborate methods for design verification as well as fault and security evaluation at the electronic system level are in demand. In this paper, we propose estimating information leakage from the early design steps of AI accelerators to aid in a more robust architectural design. We first introduce the threat scenario before diving into SystemC as a standard method for early design evaluation and how this can be applied to threat modeling. We present two successful side-channel attack methods executed via SystemC-based power modeling: correlation power analysis and template attack, both leading to total information leakage. The presented models are verified against an industry-standard netlist-level power estimation to prove general feasibility and determine accuracy. Consequently, we explore the impact of additive noise in our simulation to establish indicators for early threat evaluation. The presented approach is again validated via a model-vs-netlist comparison, showing high accuracy of the achieved results. This work hence is a solid step towards fast attack deployment and, subsequently, the design of attack-resilient AI accelerators.
Submitted 22 November, 2023;
originally announced November 2023.
-
Practical Trustworthiness Model for DNN in Dedicated 6G Application
Authors:
Anouar Nechi,
Ahmed Mahmoudi,
Christoph Herold,
Daniel Widmer,
Thomas Kürner,
Mladen Berekovic,
Saleh Mulhem
Abstract:
Artificial intelligence (AI) is considered an efficient response to several challenges facing 6G technology. However, AI still suffers from a huge trust issue due to its ambiguous way of making predictions. Therefore, there is a need for a method to evaluate the AI's trustworthiness in practice for future 6G applications. This paper presents a practical model to analyze the trustworthiness of AI in a dedicated 6G application. In particular, we present two customized Deep Neural Networks (DNNs) to solve the Automatic Modulation Recognition (AMR) problem in Terahertz communications-based 6G technology. Then, a specific trustworthiness model and its attributes, namely data robustness, parameter sensitivity, and security covering adversarial examples, are introduced. The evaluation results indicate that the proposed trustworthiness attributes are crucial to evaluate the trustworthiness of DNN for this 6G application.
Submitted 10 July, 2023;
originally announced July 2023.
-
A Comparison of High-Level Design Tools for SoC-FPGA on Disparity Map Calculation Example
Authors:
Shaodong Qin,
Mladen Berekovic
Abstract:
Modern SoC-FPGA that consists of FPGA with embedded ARM cores is being popularized as an embedded vision system platform. However, the design approach of SoC-FPGA applications still follows traditional hardware-software separate workflow, which becomes the barrier of rapid product design and iteration on SoC-FPGA. High-Level Synthesis (HLS) and OpenCL-based system-level design approaches provide programmers the possibility to design SoC-FPGA at system-level with a unified development environment for both hardware and software. To evaluate the feasibility of high-level design approach especially for embedded vision applications, Vivado HLS and Altera SDK for OpenCL, representative and most popular commercial tools in market, are selected as evaluation design tools, disparity map calculation as targeting application. In this paper, hardware accelerators of disparity map calculation are designed with both tools and implemented on Zedboard and SoCKit development board, respectively. Comparisons between design tools are made in aspects of supporting directives, accelerator design process, and generated hardware performance. The results show that both tools can generate efficient hardware for disparity map calculation application with much less developing time. Moreover, we can also state that, more directives (e.g., interface type, array reshape, resource type specification) are supported, but more hardware knowledge is required, in Vivado HLS. In contrast, Altera SDK for OpenCL is relatively easier for software programmers who are new to hardware, but with the price of more resources usage on FPGA for similar hardware accelerator generation.
Submitted 28 August, 2015;
originally announced September 2015.