Fault Sneaking Attack

Abstract: Despite the great achievements of deep neural networks (DNNs), the vulnerability of state-of-the-art DNNs raises security concerns of DNNs in many application domains requiring high reliability. We propose the fault sneaking a ack on DNNs, where the adversary aims to misclassify certain input images into any target labels by modifying the DNN parameters. We apply ADMM (alternating direction method of multipliers) for solving the optimization problem of the fault sneaking a ack with two constraints: 1) the clas… Show more

“…As NN-based solutions becoming popular for many applications, NN security arises as a major concern for the practical deployment of NNs in safety-critical tasks. Lots of efforts have been devoted to investigating the security of NNs, especially, the malicious attack approaches ( [15], [16], [17]). The attack object of these attacks is either the input sample (i.e., adversarial attack) or the neural network weights (i.e., fault injection attack).…”

“…While the adversaries with expert knowledge concern the effectiveness and stealthiness of the attack, they can manipulate the network prediction for a given image at will through fault injection techniques while ensuring model accuracy on other images. Previous studies have demonstrated that it is practical to launch precise and effective fault injection attacks on neural networks [16], [17].…”

“…On the other hand, the security of the NCS raises a concern as the DNN models are spreading into the safety-sensitive scenarios, and previous studies have demonstrated that the DNN models are vulnerable to the well-designed attacks ( [14], [15], [16], [17]). To fool the neural networks, these attack methods either perturb the input samples (i.e., adversarial attack [15], [18]) or manipulate the network parameters (i.e., fault injection [16], [17]). By distorting the selected input or network parameters, the attackers can mislead the network to make an erroneous prediction.…”

“…In the end, VADER effectively misleads RRAM-based NCS and makes it output the prediction error. [17], [15]). The results show VADER and EFI are more effective than the comparison counterparts and both achieve almost 100% attack success rate.…”

“…The results show VADER and EFI are more effective than the comparison counterparts and both achieve almost 100% attack success rate. Besides, EFI can save orders of the cost (>95%) for the fault injection, while maintaining less accuracy degradation compared with previous fault injection attacks ([16], [17]). The rest of the paper is organized as follows.…”

Variation Enhanced Attacks Against RRAM-Based Neuromorphic Computing System

“…As NN-based solutions becoming popular for many applications, NN security arises as a major concern for the practical deployment of NNs in safety-critical tasks. Lots of efforts have been devoted to investigating the security of NNs, especially, the malicious attack approaches ( [15], [16], [17]). The attack object of these attacks is either the input sample (i.e., adversarial attack) or the neural network weights (i.e., fault injection attack).…”

“…While the adversaries with expert knowledge concern the effectiveness and stealthiness of the attack, they can manipulate the network prediction for a given image at will through fault injection techniques while ensuring model accuracy on other images. Previous studies have demonstrated that it is practical to launch precise and effective fault injection attacks on neural networks [16], [17].…”

“…On the other hand, the security of the NCS raises a concern as the DNN models are spreading into the safety-sensitive scenarios, and previous studies have demonstrated that the DNN models are vulnerable to the well-designed attacks ( [14], [15], [16], [17]). To fool the neural networks, these attack methods either perturb the input samples (i.e., adversarial attack [15], [18]) or manipulate the network parameters (i.e., fault injection [16], [17]). By distorting the selected input or network parameters, the attackers can mislead the network to make an erroneous prediction.…”

“…In the end, VADER effectively misleads RRAM-based NCS and makes it output the prediction error. [17], [15]). The results show VADER and EFI are more effective than the comparison counterparts and both achieve almost 100% attack success rate.…”

“…The results show VADER and EFI are more effective than the comparison counterparts and both achieve almost 100% attack success rate. Besides, EFI can save orders of the cost (>95%) for the fault injection, while maintaining less accuracy degradation compared with previous fault injection attacks ([16], [17]). The rest of the paper is organized as follows.…”

Variation Enhanced Attacks Against RRAM-Based Neuromorphic Computing System

On Implementation-Level Security of Edge-Based Machine Learning Models

Artificial Neural Networks and Fault Injection Attacks