Exploiting Vulnerabilities in Deep Neural Networks: Adversarial and Fault-Injection Attacks
This is an incremental review paper addressing security vulnerabilities in DNN-based systems for researchers and practitioners.
The paper tackles the susceptibility of Deep Neural Networks (DNNs) in Cyber-Physical Systems to security threats by reviewing adversarial and fault-injection attacks, and discusses challenges and prospective defenses for robust systems.
From tiny pacemaker chips to aircraft collision avoidance systems, the state-of-the-art Cyber-Physical Systems (CPS) have increasingly started to rely on Deep Neural Networks (DNNs). However, as concluded in various studies, DNNs are highly susceptible to security threats, including adversarial attacks. In this paper, we first discuss different vulnerabilities that can be exploited for generating security attacks for neural network-based systems. We then provide an overview of existing adversarial and fault-injection-based attacks on DNNs. We also present a brief analysis to highlight different challenges in the practical implementation of adversarial attacks. Finally, we also discuss various prospective ways to develop robust DNN-based systems that are resilient to adversarial and fault-injection attacks.