Mitigating Slow-to-Write Errors in Memristor-Mapped Graph Neural Networks Induced by Adversarial Attacks

Graph neural networks (GNNs) are becoming popular in various real-world applications. However, hardware-level security is a concern when GNN models are mapped to emerging neuromorphic computing architectures such as memristor-based crossbars. We identify a vulnerability of memristor-mapped GNNs and propose an attack mechanism based on the identified vulnerability. The proposed attack tampers memristor-mapped graph-structured data of a GNN by injecting adversarial edges to the graph and inducing slow-to-write errors in crossbars. We present a defense mechanism based on the write-verify (WV) scheme. We analyze the effectiveness of the WV-based defense and provide theoretical security guarantees. This analysis also provides guidance for selecting appropriate design parameters for the WV scheme to ensure its effectiveness in countering slow-to-write errors induced by attacks. Experimental results for the proposed attack show that there is a 5.72× increase in the success rate compared to a software-based baseline. We also demonstrate the efficacy of the WV-based defense in mitigating all slow-to-write errors induced by the proposed attack.