NNTesting: Neural Network Fault Attacks Detection Using Gradient-Based Test Vector Generation

Cited by: 0
Authors
Wang, Antian [1 ]
Zhao, Bingyin [1 ]
Tan, Weihang [1 ]
Lao, Yingjie [1 ]
Affiliations
[1] Clemson Univ, Dept Elect & Comp Engn, Clemson, SC 29634 USA
Source
2023 60TH ACM/IEEE DESIGN AUTOMATION CONFERENCE, DAC | 2023年
Funding
National Science Foundation (USA);
Keywords
Neural Network; Fault Attack; Defense; Test Vector Generation; Model Repairing;
DOI
10.1109/DAC56929.2023.10247885
CLC classification
TP18 [Artificial intelligence theory];
Discipline codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Recent studies have shown that Neural Networks (NNs) are highly vulnerable to fault attacks. This work proposes a novel defensive framework, NNTesting, for detecting fault attacks and recovering the model. We first leverage gradient-based optimization to generate a set of high-quality Test Vectors (TVs) that effectively differentiate faulty profile models, and further optimize the TV set by reducing the number of TVs through compression. The selected final TV set is then used to recover the model. The effectiveness of the proposed method is comprehensively evaluated on a wide range of models across various benchmark datasets. For instance, we successfully generate thousands of TV candidates using the gradient-based generation method. After compression, we achieve up to a 94.76% detection success rate with only 140 TVs on the CIFAR-10 dataset.
Pages: 6