DNN-Defender: A Victim-Focused In-DRAM Defense Mechanism for Taming Adversarial Weight Attack on DNNs

Ranyang Zhou, Sabbir Ahmed, Adnan Siraj Rakin, Shaahin Angizi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

With deep learning deployed in many security-sensitive areas, machine learning security is becoming progressively important. Recent studies demonstrate attackers can exploit system-level techniques exploiting the RowHammer vulnerability of DRAM to deterministically and precisely flip bits in Deep Neural Networks (DNN) model weights to affect inference accuracy. The existing defense mechanisms are software-based, such as weight reconstruction requiring expensive training overhead or performance degradation. On the other hand, generic hardware-based victim-/aggressor-focused mechanisms impose expensive hardware overheads and preserve the spatial connection between victim and aggressor rows. In this paper, we present the first DRAM-based victim-focused defense mechanism tailored for quantized DNNs, named DNN-Defender that leverages the potential of in-DRAM swapping to withstand the targeted bit-flip attacks with a priority protection mechanism. Our results indicate that DNN-Defender can deliver a high level of protection downgrading the performance of targeted RowHammer attacks to a random attack level. In addition, the proposed defense has no accuracy drop on CIFAR-10 and ImageNet datasets without requiring any software training or incurring hardware overhead.

Original languageEnglish (US)
Title of host publicationProceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9798400706011
DOIs
StatePublished - Nov 7 2024
Event61st ACM/IEEE Design Automation Conference, DAC 2024 - San Francisco, United States
Duration: Jun 23 2024Jun 27 2024

Publication series

NameProceedings - Design Automation Conference
ISSN (Print)0738-100X

Conference

Conference61st ACM/IEEE Design Automation Conference, DAC 2024
Country/TerritoryUnited States
CitySan Francisco
Period6/23/246/27/24

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Control and Systems Engineering
  • Electrical and Electronic Engineering
  • Modeling and Simulation

Fingerprint

Dive into the research topics of 'DNN-Defender: A Victim-Focused In-DRAM Defense Mechanism for Taming Adversarial Weight Attack on DNNs'. Together they form a unique fingerprint.

Cite this