Name
Abstract | ||
|---|---|---|
In this paper, we present novel bit-flip attack (BFA) algorithms for DNNs, along with techniques for defending against the attack. Our attack algorithms leverage information about the layer importance, such that a layer is considered important if it has high-ranked feature maps. We first present a classwise-targeted attack that degrades the accuracy of just one class in the dataset. Comparative evaluation with related works shows the effectiveness of our attack algorithm. We finally propose multiple novel defense strategies against untargeted BFAs. We comprehensively evaluate the robustness of both large-scale CNNs (VGG19, ResNext50, AlexNet and Res Net) and compact CNNs (MobileNet-v2, ShuffleNet, GoogleNet and SqueezeNet) towards BFAs. We also reveal a valuable insight that compact CNNs are highly vulnerable to not only well-crafted BFAs such as ours, but even random BFAs. Also, defense strategies are less effective on compact CNNs. This fact makes them unsuitable for use in security-critical domains. Source code is released at https://sites.google.com/view/dsc-2022-paper-bit-flip-attack. |
Year | DOI | Venue |
|---|---|---|
2022 | 10.1109/DSC54232.2022.9888943 | 2022 IEEE Conference on Dependable and Secure Computing (DSC) |
Keywords | DocType | ISBN |
Deep neural networks,security,fault-injection attacks,defense strategies | Conference | 978-1-6654-2142-3 |
Citations | PageRank | References |
0 | 0.34 | 5 |
Authors | ||
6 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Yash Khare | 1 | 0 | 0.34 |
| Kumud Lakara | 2 | 0 | 0.34 |
| Maruthi S. Inukonda | 3 | 0 | 0.34 |
| Sparsh Mittal | 4 | 817 | 50.36 |
| Mahesh Chandra | 5 | 3 | 0.81 |
| Arvind Kaushik | 6 | 0 | 0.34 |