Dec 25, 2021

Stealthy Attack on Algorithmic-Protected DNNs via Smart Bit Flipping

arXiv:2112.13162v1
9 citations
Originality: Incremental advance
AI Analysis

This work addresses security risks for safety-critical systems such as autonomous vehicles and medical devices, but it is incremental because it builds on existing adversarial attack methods.

The paper tackles the vulnerability of algorithmically protected deep neural networks (DNNs) to stealthy attacks, proposing a method that flips bits in DNN weights to misclassify crafted inputs while maintaining accuracy on clean inputs, with experimental success against state-of-the-art defenses.

Recently, deep neural networks (DNNs) have been deployed in safety-critical systems such as autonomous vehicles and medical devices. Shortly after that, the vulnerability of DNNs was revealed by stealthy adversarial examples, where crafted inputs (original inputs with tiny perturbations added) can lead a DNN to produce misclassified outputs. To improve the robustness of DNNs, some algorithmic countermeasures against adversarial examples have since been introduced. In this paper, we propose a new type of stealthy attack on protected DNNs that circumvents the algorithmic defenses: via smart bit flipping in DNN weights, we can preserve the classification accuracy for clean inputs but misclassify crafted inputs even with algorithmic countermeasures in place. To fool protected DNNs in a stealthy way, we introduce a novel method to efficiently find their most vulnerable weights and flip those bits in hardware. Experimental results show that we can successfully apply our stealthy attack against state-of-the-art algorithmic-protected DNNs.
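The abstract rests on the fact that a single bit flip in a stored weight can change its value by anything from one unit in the last place to many orders of magnitude, which is why a handful of well-chosen flips suffices and why flips in low-order bits stay stealthy. The following is an added illustration, not code from the paper or from the page, and it assumes weights are stored as IEEE 754 float32 values (the page does not state the format). It measures how much each of the 32 bit positions of a weight moves its value, and shows the defensive check a deployment can make: a fingerprint over the packed weight bytes taken at load time, re-verified before inference, which detects any flip regardless of where it lands. The sample weights and the fault-injection helper are constructed for the example.

```python
import hashlib
import hmac
import math
import struct
from typing import List, Tuple

# Assumption (not stated on the page): weights are IEEE 754 single-precision
# (float32), 1 sign bit, 8 exponent bits, 23 mantissa bits.


def float_to_bits(x: float) -> int:
    """Return the 32-bit pattern of a float32 value."""
    return struct.unpack("<I", struct.pack("<f", x))[0]


def bits_to_float(b: int) -> float:
    """Interpret a 32-bit pattern as a float32 value."""
    return struct.unpack("<f", struct.pack("<I", b & 0xFFFFFFFF))[0]


def flip_bit(x: float, pos: int) -> float:
    """Return x with bit `pos` inverted (0 = mantissa LSB, 23-30 = exponent, 31 = sign)."""
    return bits_to_float(float_to_bits(x) ^ (1 << pos))


def flip_delta(weight: float, pos: int) -> float:
    """Absolute change caused by flipping one bit; a flip that yields inf/NaN
    is scored as infinite damage, since it propagates through the whole layer."""
    flipped = flip_bit(weight, pos)
    return math.inf if not math.isfinite(flipped) else abs(flipped - weight)


def rank_bit_positions(weight: float) -> List[Tuple[int, float]]:
    """All 32 bit positions, most damaging flip first.
    The head of the list is where a flip is loud; the tail is where it is stealthy."""
    scored = ((pos, flip_delta(weight, pos)) for pos in range(32))
    return sorted(scored, key=lambda t: t[1], reverse=True)


# Defender side: fingerprint the stored weights once at deployment and
# re-check before inference. Any flipped bit changes the digest.
def weight_fingerprint(weights: List[float]) -> str:
    """SHA-256 over the packed float32 bytes of the weight vector."""
    packed = struct.pack(f"<{len(weights)}f", *weights)
    return hashlib.sha256(packed).hexdigest()


def weights_intact(weights: List[float], expected_fingerprint: str) -> bool:
    """True if the current weight bytes still match the deployment fingerprint."""
    return hmac.compare_digest(weight_fingerprint(weights), expected_fingerprint)


def inject_flip(weights: List[float], index: int, pos: int) -> List[float]:
    """Constructed fault model for the example: one bit of one stored weight flips.
    Returns a new list so the reference weights stay untouched."""
    faulty = list(weights)
    faulty[index] = flip_bit(faulty[index], pos)
    return faulty


# Constructed sample weights (exactly representable in float32).
SAMPLE_WEIGHTS = [0.5, -0.25, 1.0, 0.125]

if __name__ == "__main__":
    ranking = rank_bit_positions(0.5)
    print("most damaging flip of 0.5:", ranking[0])   # exponent MSB, bit 30
    print("least visible flip of 0.5:", ranking[-1])  # mantissa LSB, bit 0
    reference = weight_fingerprint(SAMPLE_WEIGHTS)
    tampered = inject_flip(SAMPLE_WEIGHTS, 0, 0)  # a stealthy low-order flip
    print("clean weights intact:", weights_intact(SAMPLE_WEIGHTS, reference))
    print("tampered weights intact:", weights_intact(tampered, reference))
```

The ranking makes the attacker's trade-off concrete: exponent flips are easy to notice (a weight of 0.5 becomes 2^127), while a mantissa-LSB flip shifts it by 2^-24 and would never show in clean accuracy. A byte-level fingerprint does not care about that distinction, which is why re-verifying weights before inference is a far stronger defense than monitoring accuracy on a clean validation set.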
