T-BFA: Targeted Bit-Flip Adversarial Weight Attack

07/24/2020
by   Adnan Siraj Rakin, et al.

Deep Neural Network (DNN) attacks have mostly been conducted through adversarial input example generation. Recent work on adversarial attacks on DNN weights, especially the Bit-Flip based adversarial weight Attack (BFA), has proved to be very powerful. BFA is an un-targeted attack that can classify all inputs into a random output class by flipping a very small number of weight bits stored in computer memory. This paper presents the first work on targeted adversarial weight attack for quantized DNN models. Specifically, we propose Targeted variants of BFA (T-BFA), which can intentionally mislead selected inputs to a target output class. The objective is achieved by identifying the weight bits that are highly associated with the classification of a targeted output through a novel class-dependent weight bit ranking algorithm. T-BFA performance has been successfully demonstrated on multiple network architectures for the image classification task. For example, by merely flipping 27 (out of 88 million) weight bits, T-BFA can misclassify all the images in the Ibex class into the Proboscis Monkey class (i.e., 100% attack success rate) on the ImageNet dataset, while maintaining 59.35% validation accuracy on ResNet-18.
