Design and Analysis of Novel Bit-flip Attacks and Defense Strategies for DNNs

Yash Khare, Kumud Lakara, M. S. Inukonda, Sparsh Mittal, Mahesh Chandra, Arvind Kaushik
Published in: 2022 IEEE Conference on Dependable and Secure Computing (DSC)
Publication date: 2022-06-22
DOI: 10.1109/DSC54232.2022.9888943 (https://doi.org/10.1109/DSC54232.2022.9888943)
Citation count: 1

Abstract

In this paper, we present novel bit-flip attack (BFA) algorithms for DNNs, along with techniques for defending against the attack. Our attack algorithms leverage information about the layer importance, such that a layer is considered important if it has high-ranked feature maps. We first present a classwise-targeted attack that degrades the accuracy of just one class in the dataset. Comparative evaluation with related works shows the effectiveness of our attack algorithm. We finally propose multiple novel defense strategies against untargeted BFAs. We comprehensively evaluate the robustness of both large-scale CNNs (VGG19, ResNext50, AlexNet and ResNet) and compact CNNs (MobileNet-v2, ShuffleNet, GoogleNet and SqueezeNet) towards BFAs. We also reveal a valuable insight that compact CNNs are highly vulnerable to not only well-crafted BFAs such as ours, but even random BFAs. Also, defense strategies are less effective on compact CNNs. This fact makes them unsuitable for use in security-critical domains. Source code is released at https://sites.google.com/view/dsc-2022-paper-bit-flip-attack.