The SkipSponge Attack: Sponge Weight Poisoning of Deep Neural Networks
This work addresses security vulnerabilities in deep learning systems by introducing a more efficient and stealthy attack method. The contribution is incremental, but it improves upon existing sponge attacks.
The authors present SkipSponge, a novel sponge attack that increases the energy consumption and computation time of neural networks by directly poisoning the parameters of a pretrained model using only a few data samples. It achieves up to a 13% energy increase and outperforms prior methods in efficiency and stealth.
Sponge attacks aim to increase the energy consumption and computation time of neural networks. In this work, we present a novel sponge attack called SkipSponge. SkipSponge is the first sponge attack that is performed directly on the parameters of a pretrained model using only a few data samples. Our experiments show that SkipSponge can successfully increase the energy consumption of image classification models, GANs, and autoencoders, requiring fewer samples than the state-of-the-art sponge attacks (Sponge Poisoning). We show that poisoning defenses are ineffective if not adjusted specifically for the defense against SkipSponge (i.e., they decrease target layer bias values) and that SkipSponge is more effective on the GANs and the autoencoders than Sponge Poisoning. Additionally, SkipSponge is stealthy as it does not require significant changes to the victim model's parameters. Our experiments indicate that SkipSponge can be performed even when an attacker has access to less than 1% of the entire training dataset and reaches up to 13% energy increase.