DeepHammer: Depleting the Intelligence of Deep Neural Networks through Targeted Chain of Bit Flips

03/30/2020
by   Fan Yao, et al.
0

Security of machine learning is increasingly becoming a major concern due to the ubiquitous deployment of deep learning in many security-sensitive domains. Many prior studies have shown external attacks such as adversarial examples that tamper with the integrity of DNNs using maliciously crafted inputs. However, the security implication of internal threats (i.e., hardware vulnerability) to DNN models has not yet been well understood. In this paper, we demonstrate the first hardware-based attack on quantized deep neural networks-DeepHammer-that deterministically induces bit flips in model weights to compromise DNN inference by exploiting the rowhammer vulnerability. DeepHammer performs aggressive bit search in the DNN model to identify the most vulnerable weight bits that are flippable under system constraints. To trigger deterministic bit flips across multiple pages within reasonable amount of time, we develop novel system-level techniques that enable fast deployment of victim pages, memory-efficient rowhammering and precise flipping of targeted bits. DeepHammer can deliberately degrade the inference accuracy of the victim DNN system to a level that is only as good as random guess, thus completely depleting the intelligence of targeted DNN systems. We systematically demonstrate our attacks on real systems against 12 DNN architectures with 4 different datasets and different application domains. Our evaluation shows that DeepHammer is able to successfully tamper DNN inference behavior at run-time within a few minutes. We further discuss several mitigation techniques from both algorithm and system levels to protect DNNs against such attacks. Our work highlights the need to incorporate security mechanisms in future deep learning system to enhance the robustness of DNN against hardware-based deterministic fault injections.

READ FULL TEXT

page 1

page 2

page 3

page 4

09/10/2019

TBT: Targeted Neural Network Attack with Bit Trojan

Security of modern Deep Neural Networks (DNNs) is under severe scrutiny ...
11/08/2021

DeepSteal: Advanced Model Extractions Leveraging Efficient Weight Stealing in Memories

Recent advancements of Deep Neural Networks (DNNs) have seen widespread ...
06/23/2022

Design Exploration and Security Assessment of PUF-on-PUF Implementations

We design, implement, and assess the security of several variations of t...
09/10/2019

When Single Event Upset Meets Deep Neural Networks: Observations, Explorations, and Remedies

Deep Neural Network has proved its potential in various perception tasks...
12/25/2021

Stealthy Attack on Algorithmic-Protected DNNs via Smart Bit Flipping

Recently, deep neural networks (DNNs) have been deployed in safety-criti...
10/21/2021

Physical Side-Channel Attacks on Embedded Neural Networks: A Survey

During the last decade, Deep Neural Networks (DNN) have progressively be...
06/23/2020

Hermes Attack: Steal DNN Models with Lossless Inference Accuracy

Deep Neural Networks (DNNs) models become one of the most valuable enter...