TY - GEN
T1 - Efficient Targeted Bit-Flip Attack Against the Local Binary Pattern Network
AU - Roohi, Arman
AU - Angizi, Shaahin
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Deep neural networks (DNNs) have shown their great capability of surpassing human performance in many areas. With the help of quantization, artificial intelligence (AI) powered devices are ubiquitously deployed. Yet, the easily accessible AI-powered edge devices become the target of malicious users who can deteriorate the privacy and integrity of the inference process. This paper proposes two adversarial attack scenarios, including three threat models, which crush local binary pattern networks (LBPNet). These attacks can be applied maliciously to flip a limited number of susceptible bits in kernels within the system's shared memory. The threat could be driven through the Row-Hammer attack and significantly drops the model's accuracy. Our preliminary simulation results demonstrate that flipping only the most significant bit of the first LBP layer decreases the accuracy from 99.51% down to 18% on the MNIST dataset. We then briefly discuss potential hardware/software-oriented defense mechanisms as countermeasures to such attacks.
AB - Deep neural networks (DNNs) have shown their great capability of surpassing human performance in many areas. With the help of quantization, artificial intelligence (AI) powered devices are ubiquitously deployed. Yet, the easily accessible AI-powered edge devices become the target of malicious users who can deteriorate the privacy and integrity of the inference process. This paper proposes two adversarial attack scenarios, including three threat models, which crush local binary pattern networks (LBPNet). These attacks can be applied maliciously to flip a limited number of susceptible bits in kernels within the system's shared memory. The threat could be driven through the Row-Hammer attack and significantly drops the model's accuracy. Our preliminary simulation results demonstrate that flipping only the most significant bit of the first LBP layer decreases the accuracy from 99.51% down to 18% on the MNIST dataset. We then briefly discuss potential hardware/software-oriented defense mechanisms as countermeasures to such attacks.
KW - adversarial data layout
KW - binarized neural network
KW - bit-flip attack
UR - http://www.scopus.com/inward/record.url?scp=85136435531&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85136435531&partnerID=8YFLogxK
U2 - 10.1109/HOST54066.2022.9839959
DO - 10.1109/HOST54066.2022.9839959
M3 - Conference contribution
AN - SCOPUS:85136435531
T3 - Proceedings of the 2022 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2022
SP - 89
EP - 92
BT - Proceedings of the 2022 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2022
Y2 - 27 June 2022 through 30 June 2022
ER -