부산대학교 도서관

Nowadays, as Deep Neural Networks (DNNs) are used in various fields, the number of attack methods that threaten the security elements of DNNs is increasing. In particular, the activation function, one of the key elements of DNN, is an important part of processing input signals and generating output. Some attacks on this function can have a significant impact on the model learning and prediction, and can also degrade the model performance by causing misclassification or malfunction. In this paper, we confirmed through experiments that a fault injection attack on Softmax, one of the activation functions of DNN, is possible. Then, we propose countermeasures to deal with the attack and evaluate whether an actual counteraction is possible using the MNIST dataset. As a result, it was confirmed that approximately 90% of the data did not operate normally due to the fault injection attack. Based on these results, we experimented that the proposed countermeasure was able to prevent misclassification of all data.