A Survey of Bit-Flip Attacks on Deep Neural Network and Corresponding Defense Methods-Reference-Cited by-同舟云学术

A Survey of Bit-Flip Attacks on Deep Neural Network and Corresponding Defense Methods

Published:2023-02-08 Issue:4 Volume:12 Page:853
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Qian Cheng¹,Zhang Ming¹^ORCID,Nie Yuanping¹,Lu Shuaibing¹,Cao Huayang¹

Affiliation:

1. National Key Laboratory of Science and Technology on Information System Security, Beijing 100085, China

Abstract

As the machine learning-related technology has made great progress in recent years, deep neural networks are widely used in many scenarios, including security-critical ones, which may incura great loss when DNN is compromised. Starting from introducing several commonly used bit-flip methods, this paper concentrates on bit-flips attacks aiming DNN and the corresponding defense methods. We analyze the threat models, methods design, and effect of attack and defense methods in detail, drawing some helpful conclusions about improving the robustness and resilience of DNN. In addition, we point out several drawbacks to existing works, which can hopefully be researched in the future.

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/12/4/853/pdf

Reference96 articles.

1. Khalid, F., Hanif, M.A., and Shafique, M. (2021). Exploiting Vulnerabilities in Deep Neural Networks: Adversarial and Fault-Injection Attacks. arXiv.

2. Rakin, A.S., He, Z., and Fan, D. (November, January 27). Bit-flip attack: Crushing neural network with progressive bit search. Proceedings of the IEEE/CVF International Conference on Computer Vision, Seoul, Korea.

3. Cojocar, L., Razavi, K., Giuffrida, C., and Bos, H. (2019, January 20–22). Exploiting correcting codes: On the effectiveness of ecc memory against rowhammer attacks. Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.

4. Zhang, D., Yang, J., Ye, D., and Hua, G. (2018, January 8–14). Lq-nets: Learned quantization for highly accurate and compact deep neural networks. Proceedings of the European Conference on Computer Vision (ECCV), Munich, Germany.

5. Khoshavi, N., Broyles, C., and Bi, Y. (2020, January 25–26). Compression or corruption? A study on the effects of transient faults on bnn inference accelerators. Proceedings of the 2020 21st International Symposium on Quality Electronic Design (ISQED), Santa Clara, CA, USA.

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Attacking Graph Neural Networks with Bit Flips: Weisfeiler and Leman Go Indifferent;Proceedings of the 30th ACM SIGKDD Conference on Knowledge Discovery and Data Mining;2024-08-24

2. ALERT: A lightweight defense mechanism for enhancing DNN robustness against T-BFA;Journal of Systems Architecture;2024-07

3. Zero-Space In-Weight and In-Bias Protection for Floating-Point-based CNNs;2024 19th European Dependable Computing Conference (EDCC);2024-04-08

4. NaN Attacks: Bit-Flipping Deep Neural Network Parameters to NaN or Infinity;2024 1st International Conference on Robotics, Engineering, Science, and Technology (RESTCON);2024-02-16

5. In-Memory Zero-Space Floating-Point-Based CNN Protection Using Non-significant and Invariant Bits;Lecture Notes in Computer Science;2024