T-BFA: <u>T</u>argeted <u>B</u>it-<u>F</u>lip Adversarial Weight <u>A</u>ttack
نویسندگان
چکیده
Traditional Deep Neural Network (DNN) security is mostly related to the well-known adversarial input example attack. Recently, another dimension of attack, namely, attack on DNN weight parameters, has been shown be very powerful. As a representative one, Bit-Flip-based Attack (BFA) injects an extremely small amount faults into parameters hijack executing function. Prior works BFA focus un-targeted that can hack all inputs random output class by flipping number bits stored in computer memory. This paper proposes first work xmlns:xlink="http://www.w3.org/1999/xlink">targeted based (T-BFA) DNNs, which intentionally mislead selected target class. The objective achieved identifying are highly associated with classification targeted through xmlns:xlink="http://www.w3.org/1999/xlink">class-dependent vulnerable bit searching algorithm. Our proposed T-BFA performance successfully demonstrated multiple architectures for image tasks. For example, merely 27 out 88 million ResNet-18, our misclassify images from ’Hen’ ’Goose’ (i.e., 100% success rate) ImageNet dataset, while maintaining 59.35% validation accuracy. Moreover, we demonstrate real prototype system running computation, Ivy Bridge-based Intel i7 CPU and 8GB DDR3
منابع مشابه
BFA sends proteins back
O bserving a step backward brought Jon Yewdell a big step forward in understanding protein traffi cking pathways in the cell. As a newly minted assistant professor at the Wistar Institute, Yewdell was examining where in the cell the infl uenza A virus (IAV) hemagglutin (HA) trimerized. Using monoclonal antibodies (mAbs) specifi c for monomers or trimers, he had found by 1985 that monomers local...
متن کاملTCP - BFA : Bu er Fill
The main goal of a congestion avoidance algorithm is to maximize throughput and minimize delay (Jain & Ramakrishnan 1988). While TCP Reno achieves high throughput, it tends to consume all of the buuer space at the bottleneck router, causing large delays. In this paper we propose a simple scheme that modiies TCP Reno's congestion avoidance algorithm by throttling back the opening of the congesti...
متن کاملNeural Networks in Adversarial Setting and Ill-Conditioned Weight Space
Recently, Neural networks have seen a huge surge in its adoption due to their ability to provide high accuracy on various tasks. On the other hand, the existence of adversarial examples have raised suspicions regarding the generalization capabilities of neural networks. In this work, we focus on the weight matrix learnt by the neural networks and hypothesize that ill conditioned weight matrix i...
متن کاملTCP-BFA: Bu er Fill Avoidance
The main goal of a congestion avoidance algorithm is to maximize throughput and minimize delay (Jain & Ramakrishnan 1988). While TCP Reno achieves high throughput, it tends to consume all of the bu er space at the bottleneck router, causing large delays. In this paper we propose a simple scheme that modi es TCP Reno's congestion avoidance algorithm by throttling back the opening of the congesti...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Transactions on Pattern Analysis and Machine Intelligence
سال: 2022
ISSN: ['1939-3539', '2160-9292', '0162-8828']
DOI: https://doi.org/10.1109/tpami.2021.3112932