Name
Abstract | ||
|---|---|---|
Recent studies show that adversarial attacks on neural network weights, aka, Bit-Flip Attack (BFA), can degrade Deep Neural Network's (DNN) prediction accuracy severely. In this work, we propose a novel weight reconstruction method as a countermeasure to such BFAs. Specifically, during inference, the weights are reconstructed such that the weight perturbation due to BFA is minimized or diffused to the neighboring weights. We have successfully demonstrated that our method can significantly improve the DNN robustness against random and gradient-based BFA variants. Even under the most aggressive attacks (i.e., greedy progressive bit search), our method maintains a test accuracy of 60% on ImageNet after 5 iterations while the baseline accuracy drops to below 1%. |
Year | DOI | Venue |
|---|---|---|
2020 | 10.1109/DAC18072.2020.9218665 | PROCEEDINGS OF THE 2020 57TH ACM/EDAC/IEEE DESIGN AUTOMATION CONFERENCE (DAC) |
Keywords | DocType | ISSN |
Bit-Flip Attack, Row-Hammer Attack, Security of Deep Neural Network | Conference | 0738-100X |
Citations | PageRank | References |
0 | 0.34 | 17 |
Authors | ||
7 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Jingtao Li | 1 | 3 | 4.15 |
| Adnan Siraj Rakin | 2 | 30 | 7.89 |
| Yan Xiong | 3 | 0 | 1.01 |
| Liangliang Chang | 4 | 0 | 0.34 |
| Zhezhi He | 5 | 136 | 25.37 |
| Deliang Fan | 6 | 375 | 53.66 |
| Chaitali Chakrabarti | 7 | 1978 | 184.17 |