Beyond Histotrust: A Blockchain-Based Alert in Case of Tampering with an Embedded Neural Network in a Multi-Agent Context

An intrusion into the operational network (OT) of a production site can cause serious damage by affecting productivity, reliability, and quality. The presence of embedded neural networks (NNs), such as classifiers, in physical devices opens the door to new attack vectors. Due to the stochastic behavior of the classifier and the difficulty of reproducing results, the Artificial Intelligence (AI) Act requires the NN’s behavior to be explainable. For this purpose, the platform HistoTrust enables tracing NN behavior, thanks to secure hardware components issuing attestations registered in a blockchain ledger. This solution helps to build trust between independent actors whose devices perform tasks in cooperation. This paper proposes going further by integrating a mechanism for detecting tampering of embedded NN, and using smart contracts executed on the blockchain to propagate the alert to the peer devices in a distributed manner. The use case of a bit-flip attack, targeting the weights of the NN model, is considered. This attack can be carried out by repeatedly injecting very small messages that can be missed by the Intrusion Detection System (IDS). Experiments are being conducted on the HistoTrust platform to demonstrate the feasibility of our distributed approach and to qualify the time required to detect intrusion and propagate the alert, in relation to the time it takes for the attack to impact decisions made by the AI. As a result, the blockchain may be a relevant technology to complement traditional IDS in order to face distributed attacks.