Stealthy Attack on Algorithmic-Protected DNNs via Smart Bit Flipping
2022 (English)In: 2022 23rd International Symposium on Quality Electronic Design (ISQED), IEEE Computer Society , 2022Conference paper, Published paper (Refereed)
Abstract [en]
Recently, deep neural networks (DNNs) have been deployed in safety-critical systems such as autonomous vehicles and medical devices. Shortly after that, the vulnerability of DNNs were revealed by stealthy adversarial examples where crafted inputs - by adding tiny perturbations to original inputs - can lead a DNN to generate misclassification outputs. To improve the robustness of DNNs, some algorithmic-based countermeasures against adversarial examples have been introduced thereafter.In this paper, we propose a new type of stealthy attack on protected DNNs to circumvent the algorithmic defenses: via smart bit flipping in DNN weights, we can reserve the classification accuracy for clean inputs but misclassify crafted inputs even with algorithmic countermeasures. To fool protected DNNs in a stealthy way, we introduce a novel method to efficiently find their most vulnerable weights and flip those bits in hardware. Experimental results show that we can successfully apply our stealthy attack against state-of-the-art algorithmic-protected DNNs.
Place, publisher, year, edition, pages
IEEE Computer Society , 2022.
Keywords [en]
Safety engineering, Algorithmics, Autonomous Vehicles, Bit flipping, Classification accuracy, Medical Devices, Misclassifications, Network weights, Novel methods, Safety critical systems, State of the art, Deep neural networks
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:mdh:diva-61284DOI: 10.1109/ISQED54688.2022.9806152ISI: 000890309300066Scopus ID: 2-s2.0-85133798155ISBN: 9781665494663 (print)OAI: oai:DiVA.org:mdh-61284DiVA, id: diva2:1719422
Conference
23rd International Symposium on Quality Electronic Design (ISQED), 06-07 April 2022, Santa Clara, CA, USA
2022-12-152022-12-152023-05-10Bibliographically approved