Evaluation Setup
‣ Hardware: a cycle-level simulator parameterized with synthesis results from RTL implementation (Silvaco’s Open-Cell 15nm).
‣ Baselines: EP [CVPR 2019], CDRP [CVPR 2018], DeepFense [ICCAD 2018]
‣ Dataset: ImageNet, CIFAR-100
‣ Network: ResNet18, AlexNet, VGG
‣ Attacks:
▹ BIM, CWL2, DeepFool, FGSM, and JSMA, which comprehensively cover all three types of input perturbation measures (L0, L2, and L∞).
▹ Adaptive attacks, which are specifically designed to defeat our detection mechanisms.
https://github.com/ptolemy-dl/ptolemy