Bit-Flip Attack: Crushing Neural Network withProgressive Bit Search

03/28/2019
by   Adnan Siraj Rakin, et al.
0

Several important security issues of Deep Neural Network (DNN) have been raised recently associated with different applications and components. The most widely investigated security concern of DNN is from its malicious input, a.k.a adversarial example. Nevertheless, the security challenge of DNN's parameters is not well explored yet. In this work, we are the first to propose a novel DNN weight attack methodology called Bit-Flip Attack (BFA) which can crush a neural network through maliciously flipping extremely small amount of bits within its weight storage memory system (i.e., DRAM). The bit-flip operations could be conducted through well-known Row-Hammer attack, while our main contribution is to develop an algorithm to identify the most vulnerable bits of DNN weight parameters (stored in memory as binary bits), that could maximize the accuracy degradation with a minimum number of bit-flips. Our proposed BFA utilizes a Progressive Bit Search (PBS) method which combines gradient ranking and progressive search to identify the most vulnerable bit to be flipped. With the aid of PBS, we can successfully attack a ResNet-18 fully malfunction (i.e., top-1 accuracy degrade from 69.8 million bits, while randomly flipping 100 bits merely degrades the accuracy by less than 1

READ FULL TEXT

page 1

page 2

page 3

page 4

research
03/28/2019

Bit-Flip Attack: Crushing Neural Network with Progressive Bit Search

Several important security issues of Deep Neural Network (DNN) have been...
research
07/24/2020

T-BFA: Targeted Bit-Flip Adversarial Weight Attack

Deep Neural Network (DNN) attacks have mostly been conducted through adv...
research
09/10/2019

TBT: Targeted Neural Network Attack with Bit Trojan

Security of modern Deep Neural Networks (DNNs) is under severe scrutiny ...
research
01/20/2021

RADAR: Run-time Adversarial Weight Attack Detection and Accuracy Recovery

Adversarial attacks on Neural Network weights, such as the progressive b...
research
03/03/2021

Revisiting the Concrete Security of Goldreich's Pseudorandom Generator

Local pseudorandom generators are a class of fundamental cryptographic p...
research
09/12/2023

Unveiling Signle-Bit-Flip Attacks on DNN Executables

Recent research has shown that bit-flip attacks (BFAs) can manipulate de...
research
12/07/2021

BDFA: A Blind Data Adversarial Bit-flip Attack on Deep Neural Networks

Adversarial bit-flip attack (BFA) on Neural Network weights can result i...

Please sign up or login with your details

Forgot password? Click here to reset