15th International Conference on Computer and Knowledge Engineering
Towards Low-Overhead Mitigation of Trojan Bit-Flip Attacks on DNNs via Causal Inference
Authors: Bahare Gholami (1), Mohsen Raji (2)
1- Shiraz University
2- Shiraz University
Keywords: Trojan Bit-Flip Attack, Lightweight Defense Mechanism, Causal Inference
Abstract:
Trojan bit-flip attacks pose a significant threat to the security of deep neural networks (DNNs), particularly in safety-critical applications. Existing defense mechanisms often incur substantial memory overhead, which limits their applicability in resource-constrained environments. Identifying the most vulnerable parts of a DNN is the key to designing efficient defenses against Trojan bit-flip attacks. In this paper, a low-overhead defense mechanism against Trojan bit-flip attacks on DNNs is proposed. To identify the most influential layers of a DNN, i.e. the layers an attacker would target, the proposed approach leverages causal inference, a statistical and analytical framework for modeling the causal effect of an intervention on one variable (e.g., a Trojan bit-flip attack on the parameters of a DNN) on another (e.g., the model's predictions). By performing a layer-wise causal analysis, the method ranks layers according to their contribution to the model's predictions and protects only the highest-ranked layers, rather than protecting all layers as in previous work. Evaluations on ResNet-32 with the CIFAR-10 dataset indicate that, relative to the state of the art, the proposed method reduces the additional memory overhead by more than 3.5×: it increases the base model size from 1.77 MB to 3.43 MB (an overhead of 1.66 MB), whereas the state-of-the-art method increases it to 7.64 MB (an overhead of 5.87 MB). The proposed method preserves high model accuracy (89.64%) and achieves a similar reduction in attack success rate. These results highlight the effectiveness of causality-guided selective protection in improving DNN robustness with minimal overhead.
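The abstract describes the method only at a high level: intervene on a layer's parameters, measure the effect on predictions, rank layers, protect the top of the ranking. The following toy is an added example written for this page and is not the authors' code; it does not reproduce their ResNet-32/CIFAR-10 setup or their numbers. It assumes a tiny int8-quantized MLP with constructed weights and inputs, models a Trojan bit flip as flipping the most significant bit of a weight, estimates each layer's causal effect as the expected fraction of inputs whose predicted class changes under that intervention, and uses an assumed cost model in which protecting a layer means keeping a redundant copy of it. All function names, the memory budget, and the network shape are assumptions.

```python
"""Causality-guided selective protection against Trojan bit-flip attacks.
Added illustration, not the paper's implementation: the network, the
intervention design and the protection cost model are assumptions."""
import random

BITS = 8  # assumed int8 weight quantization


def make_layer(rng, n_in, n_out):
    """Deterministic int8 weight matrix (n_out rows x n_in cols); constructed."""
    return [[rng.randint(-128, 127) for _ in range(n_in)] for _ in range(n_out)]


def make_model(seed=0):
    """Constructed 3-layer ReLU MLP (8 -> 16 -> 16 -> 4); not a trained network."""
    rng = random.Random(seed)
    return [make_layer(rng, 8, 16), make_layer(rng, 16, 16), make_layer(rng, 16, 4)]


def forward(model, x):
    """Dequantize with an assumed scale of 1/128, run the MLP, return argmax class."""
    h = x
    for i, W in enumerate(model):
        z = [sum(w * v for w, v in zip(row, h)) / 128.0 for row in W]
        h = z if i == len(model) - 1 else [max(0.0, v) for v in z]
    return max(range(len(h)), key=h.__getitem__)


def flip_msb(w):
    """Flip the MSB of a two's-complement int8 weight (e.g. 5 -> -123).
    MSB flips cause the largest magnitude change, which is what a
    bit-flip attacker goes after."""
    v = (w & 0xFF) ^ 0x80
    return v - 256 if v > 127 else v


def intervene(model, layer, positions):
    """do(flip): copy of the model with the MSB flipped at each (row, col)
    of `layer`; every other parameter is left unchanged."""
    m = [[row[:] for row in W] for W in model]
    for r, c in positions:
        m[layer][r][c] = flip_msb(m[layer][r][c])
    return m


def layer_causal_effect(model, inputs, layer, n_flips=2, trials=20, seed=1):
    """Estimated average causal effect of a small bit-flip intervention on
    `layer`: the fraction of (trial, input) pairs whose predicted class
    differs from the un-intervened model. Baseline effect without any
    flip is zero by construction."""
    rng = random.Random(seed + layer)
    W = model[layer]
    clean = [forward(model, x) for x in inputs]
    changed = 0
    for _ in range(trials):
        positions = {(rng.randrange(len(W)), rng.randrange(len(W[0])))
                     for _ in range(n_flips)}
        attacked = intervene(model, layer, positions)
        changed += sum(forward(attacked, x) != y for x, y in zip(inputs, clean))
    return changed / (trials * len(inputs))


def rank_layers(model, inputs, **kw):
    """Layer-wise causal analysis: layers ordered from most to least influential."""
    effects = {l: layer_causal_effect(model, inputs, l, **kw) for l in range(len(model))}
    return sorted(effects, key=lambda l: -effects[l]), effects


def layer_bytes(W):
    return len(W) * len(W[0]) * BITS // 8


def protection_overhead(model, protected):
    """Assumed cost model: a protected layer keeps a redundant copy of its
    int8 weights, so the overhead is the protected layers' total size."""
    return sum(layer_bytes(model[l]) for l in protected)


def select_within_budget(model, ranking, budget_bytes):
    """Greedy selective protection: most influential layers first, each
    added only if it still fits the memory budget."""
    chosen, used = [], 0
    for l in ranking:
        if used + layer_bytes(model[l]) <= budget_bytes:
            chosen.append(l)
            used += layer_bytes(model[l])
    return chosen


def protected_forward(model, shadow, protected, x):
    """Inference that serves protected layers from their shadow copy
    (assumed to sit in memory the attacker cannot flip), so a flip that
    lands in a protected layer cannot alter the prediction."""
    repaired = [shadow[l] if l in protected else model[l] for l in range(len(model))]
    return forward(repaired, x)


def demo(budget_bytes=300):
    """Run the whole pipeline on constructed data and report the overheads."""
    model = make_model()
    rng = random.Random(42)
    inputs = [[rng.uniform(-1, 1) for _ in range(8)] for _ in range(32)]  # constructed
    ranking, effects = rank_layers(model, inputs)
    protected = select_within_budget(model, ranking, budget_bytes)
    return {"ranking": ranking, "effects": effects, "protected": protected,
            "overhead_all": protection_overhead(model, range(len(model))),
            "overhead_selected": protection_overhead(model, protected)}


if __name__ == "__main__":
    print(demo())
```

`overhead_all` is what protecting every layer would cost under the assumed copy-based cost model; `overhead_selected` is the cost of protecting only the causally ranked layers that fit the budget, which is the trade-off the abstract quantifies on ResNet-32. In a real deployment the intervention would be run on the quantized production weights with a validation set, and the shadow copies would need to live in memory the attacker cannot reach (e.g. ECC-protected or integrity-checked), otherwise the copy is just another target.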