15th International Conference on Computer and Knowledge Engineering
Towards Low-Overhead Mitigation of Trojan Bit-Flip Attacks on DNNs via Causal Inference
Authors:
Bahare Gholami (1), Mohsen Raji (2)
1- Shiraz University
2- Shiraz University
Keywords:
Trojan Bit-Flip Attack, Lightweight Defense Mechanism, Causal Inference
Abstract:
Trojan bit-flip attacks pose a significant threat to the security of deep neural networks (DNNs), particularly in safety-critical applications. Existing defense mechanisms often incur substantial memory overhead, which limits their applicability in resource-constrained environments. Identifying the most vulnerable parts of a DNN is the key to designing efficient defenses against Trojan bit-flip attacks. In this paper, a low-overhead defense mechanism against Trojan bit-flip attacks on DNNs is proposed. To identify the most influential layers of a DNN, i.e., those an attacker is most likely to target, the proposed approach leverages causal inference, a statistical and analytical framework for modeling the causal effect of an intervention or change in one variable (e.g., a Trojan bit-flip attack on the parameters of a DNN) on another (e.g., the model's predictions). By performing a layer-wise causal analysis, the method ranks layers according to their contribution to the model's predictions and protects only the top-ranked layers, rather than all layers as in previous work. Evaluations on ResNet-32 with the CIFAR-10 dataset indicate that, relative to the state of the art, the proposed method reduces the additional memory overhead by more than 3.5×: it increases the base model size from 1.77 MB to 3.43 MB (an overhead of 1.66 MB), whereas the state-of-the-art method increases it to 7.64 MB (an overhead of 5.87 MB), while preserving high model accuracy (89.64%) and achieving a similar reduction in attack success rate. These results highlight the effectiveness of the proposed causality-guided selective protection in improving DNN robustness with minimal overhead.
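The layer-wise causal ranking the abstract describes can be sketched in code as an intervention experiment: for each layer, flip one bit in a weight (the do-intervention), measure how many predictions change relative to the untouched model, undo the flip, and average over random weight choices; layers are then ranked by that effect and only a prefix of the ranking is protected. The block below is an added illustration written for this page, not the authors' code, and it does not reproduce their estimator or protection scheme. The three-layer pure-Python MLP and its shapes, the constructed random inputs, the choice of bit 30 (the most significant exponent bit of an IEEE-754 binary32 weight, which turns a small weight into a value around 2^127), the 80% coverage rule for choosing how many layers to protect, and the accounting of protection overhead as one extra 4-byte copy per protected parameter are all assumptions.

```python
"""Toy layer-wise causal ranking of DNN layers under single bit-flip interventions.

Added illustration, not the paper's code. Hypothetical 3-layer MLP whose weights
are plain Python lists; a prediction is the argmax of the last layer's output.
"""
import random
import struct

# (fan_in, fan_out) per layer; hypothetical shapes chosen to keep the example small.
MODEL_SHAPE = [(8, 16), (16, 16), (16, 4)]


def make_model(shape=MODEL_SHAPE, seed=0):
    """Deterministic Glorot-style uniform initialisation (constructed weights)."""
    rng = random.Random(seed)
    layers = []
    for fan_in, fan_out in shape:
        bound = (6.0 / (fan_in + fan_out)) ** 0.5
        layers.append([[rng.uniform(-bound, bound) for _ in range(fan_out)]
                       for _ in range(fan_in)])
    return layers


def forward(layers, x):
    """Predicted class for input vector x (ReLU hidden layers, argmax output)."""
    h = x
    for li, w in enumerate(layers):
        out = [sum(h[i] * w[i][j] for i in range(len(w))) for j in range(len(w[0]))]
        if li < len(layers) - 1:
            out = [v if v > 0 else 0.0 for v in out]
        h = out
    return max(range(len(h)), key=h.__getitem__)


def flip_bit(w, bit):
    """Flip one bit of w's IEEE-754 binary32 encoding and return the new float.
    Assumes |w| < 2 so that bit 30 (exponent MSB) is 0 before the flip."""
    bits = struct.unpack('<I', struct.pack('<f', w))[0] ^ (1 << bit)
    return struct.unpack('<f', struct.pack('<I', bits))[0]


def layer_effects(layers, inputs, bit=30, trials=20, seed=1):
    """Causal effect estimate per layer: fraction of inputs whose predicted class
    changes under do(flip `bit` of one weight in that layer), averaged over
    `trials` random weight positions. Every intervention is undone afterwards."""
    rng = random.Random(seed)
    baseline = [forward(layers, x) for x in inputs]
    effects = []
    for w in layers:
        changed = 0
        for _ in range(trials):
            i, j = rng.randrange(len(w)), rng.randrange(len(w[0]))
            orig = w[i][j]
            w[i][j] = flip_bit(orig, bit)          # intervene on this layer only
            changed += sum(forward(layers, x) != b for x, b in zip(inputs, baseline))
            w[i][j] = orig                         # restore the untouched model
        effects.append(changed / (trials * len(inputs)))
    return effects


def rank_layers(effects):
    """Layer indices sorted by decreasing causal effect."""
    return sorted(range(len(effects)), key=lambda l: -effects[l])


def select_layers(effects, coverage=0.8):
    """Shortest prefix of the ranking that accounts for `coverage` of the total
    effect. If no layer has any effect, every layer is returned (protect all)."""
    total = sum(effects) or 1.0
    chosen, acc = [], 0.0
    for l in rank_layers(effects):
        chosen.append(l)
        acc += effects[l]
        if acc >= coverage * total:
            break
    return chosen


def param_bytes(layers, which=None, bytes_per_param=4):
    """Bytes of one extra copy of the given layers' parameters (assumed overhead
    of protecting them); all layers if `which` is None."""
    idx = range(len(layers)) if which is None else which
    return sum(len(layers[l]) * len(layers[l][0]) * bytes_per_param for l in idx)


if __name__ == "__main__":
    model = make_model()
    rng = random.Random(2)
    xs = [[rng.uniform(-1, 1) for _ in range(8)] for _ in range(64)]  # constructed inputs
    eff = layer_effects(model, xs)
    chosen = select_layers(eff)
    print("per-layer effects:", [round(e, 3) for e in eff])
    print("ranking:", rank_layers(eff), "-> protect layers", chosen)
    print("overhead bytes: selective", param_bytes(model, chosen),
          "vs all layers", param_bytes(model))
```

The overhead comparison at the end mirrors the abstract's accounting (protected bytes added on top of the base model) under the stated assumption that protection costs one extra copy of each protected layer; a real scheme (parity, hashes, redundancy codes) would change the constant but not the selection logic. The estimator is deliberately crude, a single flip per trial with no confounder adjustment, which is enough to show the intervention-and-restore loop but should not be read as the paper's causal model.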