Poisoning the (Data) Well in ML-Based CAD: A Case Study of Hiding Lithographic Hotspots

Machine learning (ML) provides state-of-the-art performance in many parts of computer-aided design (CAD) flows. However, deep neural networks (DNNs) are susceptible to various adversarial attacks, including data poisoning to compromise training to insert backdoors. Sensitivity to training data integrity presents a security vulnerability, especially in light of malicious insiders who want to cause targeted neural network misbehavior. In this study, we explore this threat in lithographic hotspot detection via training data poisoning, where hotspots in a layout clip can be "hidden" at inference time by including a trigger shape in the input. We show that training data poisoning attacks are feasible and stealthy, demonstrating a backdoored neural network that performs normally on clean inputs but misbehaves on inputs when a backdoor trigger is present. Furthermore, our results raise some fundamental questions about the robustness of ML-based systems in CAD.

[1]  Ying Chen,et al.  Semi-supervised hotspot detection with self-paced multi-task learning , 2019, ASP-DAC.

[2]  Siddharth Garg,et al.  BadNets: Evaluating Backdooring Attacks on Deep Neural Networks , 2019, IEEE Access.

[3]  Fabio Roli,et al.  Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning , 2018, CCS.

[4]  Brendan Dolan-Gavitt,et al.  Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks , 2018, RAID.

[5]  Evangeline F. Y. Young,et al.  Layout hotspot detection with feature tensor generation and deep biased learning , 2017, 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC).

[6]  Fan Yang,et al.  Efficient Layout Hotspot Detection via Binarized Residual Neural Network , 2019, 2019 56th ACM/IEEE Design Automation Conference (DAC).

[7]  Iris Hui-Ru Jiang,et al.  Accurate process-hotspot detection using critical design rule extraction , 2012, DAC Design Automation Conference 2012.

[8]  Jiang Hu,et al.  Routability-Driven Macro Placement with Embedded CNN-Based Prediction Model , 2019, 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[9]  Andrew B. Kahng,et al.  Machine Learning Applications in Physical Design: Recent Results and Directions , 2018, ISPD.

[10]  J. Andres Torres,et al.  ICCAD-2012 CAD contest in fuzzy pattern matching for physical verification and benchmark suite , 2012, 2012 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[11]  Giovanni De Micheli,et al.  Developing Synthesis Flows Without Human Knowledge , 2018, 2018 55th ACM/ESDA/IEEE Design Automation Conference (DAC).

[12]  Evangeline F. Y. Young,et al.  Are Adversarial Perturbations a Showstopper for ML-Based CAD? A Case Study on CNN-Based Lithographic Hotspot Detection , 2019, ArXiv.

[13]  Yiorgos Makris,et al.  Enhanced hotspot detection through synthetic pattern generation and design of experiments , 2018, 2018 IEEE 36th VLSI Test Symposium (VTS).

[14]  Tudor Dumitras,et al.  Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks , 2018, NeurIPS.