Attacks and Vulnerabilities of Hardware Accelerators for Machine Learning: Degrading Accuracy Over Time by Hardware Trojans
Halmstad University, School of Information Technology.
2024 (English). Independent thesis, Advanced level (professional degree), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

The increasing application of Neural Networks (NNs) in various fields has heightened the demand for specialized hardware to enhance performance and efficiency. Field-Programmable Gate Arrays (FPGAs) have emerged as a popular choice for implementing NN accelerators due to their flexibility, high performance, and ability to be customized for specific NN architectures. However, the trend of outsourcing Integrated Circuit (IC) design to third parties has introduced new security vulnerabilities, particularly in the form of Hardware Trojans (HTs). These malicious alterations can severely compromise the integrity and functionality of NN accelerators.

Against this background, this study investigates a novel type of HT that degrades the accuracy of Convolutional Neural Network (CNN) accelerators over time. Two variants of the attack are presented: Gradually Degrading Accuracy Trojan (GDAT) and Suddenly Degrading Accuracy Trojan (SDAT), implemented in various components of the CNN accelerator. The approach leverages a sensitivity analysis to identify the most impactful targets for the trojan and evaluates the attack's effectiveness based on stealthiness, hardware overhead, and impact on accuracy.

The overhead of the attacks was found to be competitive when compared to other trojans, and the attacks have the potential to undermine trust and cause economic damage if deployed. Of the components targeted, the memory component for the feature maps was identified as the most vulnerable to this attack, closely followed by the bias memory component. The feature map trojans resulted in a significant accuracy degradation of 78.16% with a 0.15% and 0.29% increase in Look-Up-Table (LUT) utilization for the SDAT and GDAT variants, respectively. In comparison, the bias trojans caused an accuracy degradation of 63.33% with a LUT utilization increase of 0.20% and 0.33% for the respective trojans. The power consumption overhead was consistent at 0.16% for both the attacks and trojan versions.

Place, publisher, year, edition, pages
2024. p. 48
Keywords [en]
Hardware Trojan, CNN, FPGA, Hardware Accelerator, Machine Learning
National Category
Computer Engineering; Embedded Systems
Identifiers
URN: urn:nbn:se:hh:diva-54175
OAI: oai:DiVA.org:hh-54175
DiVA, id: diva2:1880321
Subject / course
Computer science and engineering
Educational program
Computer Science and Engineering, 300 credits
Presentation
2024-05-29, Kristian IV:s väg 3, Halmstad, 10:35 (English)
Available from: 2024-06-20. Created: 2024-07-01. Last updated: 2025-10-01. Bibliographically approved.

Open Access in DiVA

fulltext (832 kB), 211 downloads
File information
File name: FULLTEXT02.pdf
File size: 832 kB
Checksum (SHA-512): 886f174a924d0fdcd0faf7acfb48a248e6606bd68cfebbf9c4f335818f85f73a1944eaa5296e433b921c52cbe7f8b764227d7f59955f5e14174bad4e83f96813
Type: fulltext
Mimetype: application/pdf
