DeepLaser: Practical Fault Attack on Deep Neural Networks
This addresses security risks in safety-critical applications like autonomous vehicles, though it is an incremental study focusing on a specific attack method.
The paper tackles the vulnerability of deep neural networks to physical fault injection attacks, specifically using laser injection on embedded systems to target activation functions like ReLU and softmax, achieving misclassification by injecting faults into hidden layers.
As deep learning systems are widely adopted in safety- and security-critical applications, such as autonomous vehicles, banking systems, etc., malicious faults and attacks become a tremendous concern, which potentially could lead to catastrophic consequences. In this paper, we initiate the first study of leveraging physical fault injection attacks on Deep Neural Networks (DNNs), by using laser injection technique on embedded systems. In particular, our exploratory study targets four widely used activation functions in DNNs development, that are the general main building block of DNNs that creates non-linear behaviors -- ReLu, softmax, sigmoid, and tanh. Our results show that by targeting these functions, it is possible to achieve a misclassification by injecting faults into the hidden layer of the network. Such result can have practical implications for real-world applications, where faults can be introduced by simpler means (such as altering the supply voltage).