RA-BNN: Constructing Robust &amp; Accurate Binary Neural Network to Simultaneously Defend Adversarial Bit-Flip Attack and Improve Accuracy

Rakin, Adnan Siraj; Li, Yang; Li, Jingtao; Yao, Fan; Chakrabarti, Chaitali; Cao, Yu; Seo, Jae-sun; Fan, Deliang

doi:10.48550/arxiv.2103.13813

Cited by 2 publications

(3 citation statements)

References 35 publications

(63 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…CIFAR 13 is a dataset having 100 classes of colored images and the CIFAR10 dataset is reduced to 10 classes. Because images are of size 32 × 32 × 3 (32 pixels width, 32 pixels height, 3 color channels), the network input is a 3D tensor of shape (32,32,3). The neural network consists of 5 layers: a convolutional layer having 32 neurons with activation function ReLU, followed by a max pooling of size 2x2, a convolutional layer having 64 neurons with activation function ReLU, a flatten layer, and finally a dense layer of 10 neurons with activation function softmax.…”

Section: Cifar Neural Networkmentioning

confidence: 99%

See 1 more Smart Citation

Neural Network Precision Tuning Using Stochastic Arithmetic

Ferro

Graillat

Hilaire

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Neural networks can be costly in terms of memory and execution time. Reducing their cost has become an objective, especially when integrated in an embedded system with limited resources. A possible solution consists in reducing the precision of their neurons parameters. In this article, we present how to use auto-tuning on neural networks to lower their precision while keeping an accurate output. To do so, we use a floating-point auto-tuning tool on different kinds of neural networks. We show that, to some extent, we can lower the precision of several neural network parameters without compromising the accuracy requirement.

show abstract

Section: Cifar Neural Networkmentioning

confidence: 99%

“…While much effort has been devoted to the safety and robustness of deep learning code (see for instance [13,34,28,27,32]) a few studies have been carried out on the effects of rounding error propagation on neural networks. Verifiers such as MIPVerify [36] are designed to check properties of neural networks and measure their robustness.…”

Section: Introductionmentioning

confidence: 99%

Neural Network Precision Tuning Using Stochastic Arithmetic

Ferro

Graillat

Hilaire

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In response to bit-flip attacks, prior work suggests adding specific constraints on DNN weights during training such as binarization [6], clustering [7], or block reconstruction [8]. Adding such constraints increases the number of bit-flips required to deplete the inference accuracy, however, they do not entirely mitigate the threat.…”

Section: Introductionmentioning

confidence: 99%

HASHTAG: Hash Signatures for Online Detection of Fault-Injection Attacks on Deep Neural Networks

Javaheripi¹,

Koushanfar²

2021

Preprint

View full text Add to dashboard Cite

We propose HASHTAG, the first framework that enables high-accuracy detection of fault-injection attacks on Deep Neural Networks (DNNs) with provable bounds on detection performance. Recent literature in fault-injection attacks shows the severe DNN accuracy degradation caused by bit flips. In this scenario, the attacker changes a few weight bits during DNN execution by tampering with the program's DRAM memory. To detect runtime bit flips, HASHTAG extracts a unique signature from the benign DNN prior to deployment. The signature is later used to validate the integrity of the DNN and verify the inference output on the fly. We propose a novel sensitivity analysis scheme that accurately identifies the most vulnerable DNN layers to the fault-injection attack. The DNN signature is then constructed by encoding the underlying weights in the vulnerable layers using a low-collision hash function. When the DNN is deployed, new hashes are extracted from the target layers during inference and compared against the ground-truth signatures. HASHTAG incorporates a lightweight methodology that ensures a low-overhead and real-time fault detection on embedded platforms. Extensive evaluations with the state-of-theart bit-flip attack on various DNNs demonstrate the competitive advantage of HASHTAG in terms of both attack detection and execution overhead.

show abstract

RA-BNN: Constructing Robust & Accurate Binary Neural Network to Simultaneously Defend Adversarial Bit-Flip Attack and Improve Accuracy

Cited by 2 publications

References 35 publications

Neural Network Precision Tuning Using Stochastic Arithmetic

Neural Network Precision Tuning Using Stochastic Arithmetic

HASHTAG: Hash Signatures for Online Detection of Fault-Injection Attacks on Deep Neural Networks

Contact Info

Product

Resources

About