Efficient Targeted Bit-Flip Attack Against the Local Binary Pattern Network

Arman Roohi, Shaahin Angizi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Deep neural networks (DNNs) have shown their great capability of surpassing human performance in many areas. With the help of quantization, artificial intelligence (AI) powered devices are ubiquitously deployed. Yet, the easily accessible AI-powered edge devices become the target of malicious users who can deteriorate the privacy and integrity of the inference process. This paper proposes two adversarial attack scenarios, including three threat models, which crush local binary pattern networks (LBPNet). These attacks can be applied maliciously to flip a limited number of susceptible bits in kernels within the system's shared memory. The threat could be driven through the Row-Hammer attack and significantly drops the model's accuracy. Our preliminary simulation results demonstrate flipping only the most significant bit of the first LBP layer decreases the accuracy from 99.51% down to 18% on the MNIST data-set. We then briefly discuss potential hardware/software-oriented defense mechanisms as countermeasures to such attacks.

Original language: English (US)
Title of host publication: Proceedings of the 2022 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2022
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 89-92
Number of pages: 4
ISBN (Electronic): 9781665485326
State: Published - 2022
Event: 2022 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2022 - Washington, United States
Duration: Jun 27 2022 → Jun 30 2022

Publication series

Name: Proceedings of the 2022 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2022

Conference

Conference: 2022 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2022
Country/Territory: United States
City: Washington
Period: 6/27/22 → 6/30/22

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Electrical and Electronic Engineering
  • Safety, Risk, Reliability and Quality
  • Electronic, Optical and Magnetic Materials

Keywords

  • adversarial data layout
  • binarized neural network
  • bit-flip attack
