15th International Conference on Computer and Knowledge Engineering
Towards Low-Overhead Mitigation of Trojan Bit-Flip Attacks on DNNs via Causal Inference
Authors:
Bahare Gholami (1), Mohsen Raji (2)
1- Shiraz University
2- Shiraz University
Keywords:
Trojan Bit-Flip Attack, Lightweight Defense Mechanism, Causal Inference
Abstract:
Trojan bit-flip attacks pose a significant threat to the security of deep neural networks (DNNs), particularly in safety-critical applications. Existing defense mechanisms often incur substantial memory overhead, limiting their applicability in resource-constrained environments. Identifying the most vulnerable parts of a DNN is the key to designing efficient defense mechanisms against Trojan bit-flip attacks. In this paper, a low-overhead defense mechanism against Trojan bit-flip attacks on DNNs is proposed. To identify the most influential layers within a DNN, i.e., those most likely to be targeted by an attacker, the proposed approach leverages causal inference, a statistical and analytical framework for modeling the causal effect of an intervention or change in one variable (e.g., a Trojan bit flip in the parameters of a DNN) on another (e.g., the model's predictions). By performing a layer-wise causal analysis, the method ranks layers according to their contribution to the model predictions and protects only the highest-ranked layers, rather than protecting all layers as in previous work. Evaluations on ResNet-32 with the CIFAR-10 dataset indicate that, relative to the state-of-the-art, the proposed method reduces the additional memory overhead by more than 3.5×: it increases the base model size from 1.77 MB to 3.43 MB (an overhead of 1.66 MB), whereas the state-of-the-art method increases it to 7.64 MB (an overhead of 5.87 MB). The proposed method preserves high model accuracy (89.64%) and achieves a reduction in attack success rate similar to that of the state-of-the-art. These results highlight the effectiveness of causality-guided selective protection in improving DNN robustness with minimal overhead.
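The abstract describes three steps: intervene on one layer's parameters, measure the causal effect on the predictions, rank the layers, and then spend a memory budget only on the top-ranked ones. The following NumPy code is an added illustration of that pipeline and is not the authors' implementation or their causal-inference machinery. Everything in it is an assumption made for the example: a small randomly initialised ReLU MLP with constructed inputs stands in for ResNet-32/CIFAR-10; an intervention is a single random flip of an exponent bit (bits 23 to 30 of an IEEE-754 float32 weight, the flips that move a weight by orders of magnitude); the measured effect is the fraction of inputs whose predicted class changes; and the protection scheme is a SHA-256 digest plus a golden copy per protected layer, costing 4 bytes per parameter, which is what the budget is charged against.

```python
"""Illustrative layer-wise intervention ranking and budgeted protection.

Added example: a toy NumPy stand-in for the causality-guided selection the
abstract describes, NOT the authors' implementation. Assumptions are marked.
"""
import hashlib
import numpy as np


def make_mlp(sizes, seed=0):
    """Random float32 weight matrices for a ReLU MLP (constructed toy model)."""
    rng = np.random.default_rng(seed)
    return [
        (rng.standard_normal((fan_in, fan_out)) / np.sqrt(fan_in)).astype(np.float32)
        for fan_in, fan_out in zip(sizes[:-1], sizes[1:])
    ]


def forward(layers, x):
    """Class predictions (argmax of logits) for a batch x of shape (n, d)."""
    h = x
    for i, W in enumerate(layers):
        h = h @ W
        if i < len(layers) - 1:
            h = np.maximum(h, 0.0)
    return h.argmax(axis=1)


def flip_bit(W, flat_index, bit):
    """Copy of W with one bit of one IEEE-754 float32 weight flipped."""
    out = W.copy()
    bits = out.view(np.uint32).reshape(-1)  # same buffer as out
    bits[flat_index] ^= np.uint32(1 << bit)
    return out


def layer_effect(layers, x, layer_idx, n_flips=50, seed=0):
    """Average causal effect of a single-bit intervention on layer layer_idx.

    Intervention (assumption): one random weight, one random exponent bit
    (bits 23..30), which is where a flip moves a weight by orders of magnitude.
    Outcome: fraction of inputs whose predicted class changes vs. the clean model.
    """
    rng = np.random.default_rng(seed)
    base = forward(layers, x)
    W = layers[layer_idx]
    effects = []
    for _ in range(n_flips):
        idx = int(rng.integers(W.size))
        bit = int(rng.integers(23, 31))
        intervened = list(layers)
        intervened[layer_idx] = flip_bit(W, idx, bit)
        effects.append(float(np.mean(forward(intervened, x) != base)))
    return float(np.mean(effects))


def rank_layers(layers, x, n_flips=50, seed=0):
    """Layer indices ordered from most to least influential, plus the raw effects."""
    effects = [layer_effect(layers, x, l, n_flips, seed) for l in range(len(layers))]
    order = sorted(range(len(layers)), key=lambda l: effects[l], reverse=True)
    return order, effects


def select_layers(order, layers, budget_bytes, bytes_per_param):
    """Greedily protect the highest-ranked layers whose protection fits the budget.

    bytes_per_param is the cost of whatever protection scheme is in use
    (assumption: 4 for a full golden copy of float32 weights).
    """
    chosen, used = [], 0
    for l in order:
        cost = layers[l].size * bytes_per_param
        if used + cost <= budget_bytes:
            chosen.append(l)
            used += cost
    return sorted(chosen), used


def protect(layers, chosen):
    """Golden-copy protection (assumption): keep a SHA-256 digest and a copy per layer."""
    return {l: (hashlib.sha256(layers[l].tobytes()).digest(), layers[l].copy())
            for l in chosen}


def check_and_restore(layers, guard):
    """Before inference: re-hash protected layers, restore any that were tampered."""
    restored = []
    for l, (digest, golden) in guard.items():
        if hashlib.sha256(layers[l].tobytes()).digest() != digest:
            layers[l] = golden.copy()
            restored.append(l)
    return restored


if __name__ == "__main__":
    model = make_mlp([16, 32, 32, 10], seed=1)
    x = np.random.default_rng(0).standard_normal((64, 16)).astype(np.float32)
    order, effects = rank_layers(model, x)
    print("effect per layer:", [round(e, 3) for e in effects], "ranking:", order)
    total = sum(W.nbytes for W in model)
    chosen, used = select_layers(order, model, budget_bytes=total // 2, bytes_per_param=4)
    print(f"protect layers {chosen}: overhead {used} B vs {total} B for all layers")
```

The point a practitioner should take from running it is the trade-off the abstract quantifies: protecting every layer costs the full golden-copy overhead, while a ranking lets a fixed budget go to the layers where a flip actually changes predictions. A flip in an unprotected layer is, by design, not caught, so the effect measurements (not just the ranking) decide how much attack surface a given budget leaves open.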