TY - GEN
T1 - Bit Attacking Deep Neural Networks Based on Complex Networks Theory
AU - Zhou, Yijing
AU - Yang, Shunkun
AU - Shao, Qi
AU - Zhang, Yuhao
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - With the widespread application of deep learning technology in safety-critical systems, the issues of security and robustness are increasingly prominent and have become an important topic that cannot be ignored. In addition to input-side threats represented by adversarial examples, model-side attacks such as poisoning attacks or bit flipping have also become fatal security threats in deep learning systems. Although existing research on bit-flip attacks achieves significant attack effects by flipping a small number of bits, effective bit attack strategies are still lacking under limitations such as the lack of specific use cases, the inability to perform forward propagation, and the presence of gradient masking. Therefore, this paper proposes a bit attack strategy based on complex network theory for fully connected neural networks (FCNNs). This strategy relies solely on the structural information of the model, abstracting the neural network into a directed weighted graph and creating graph structural metrics of the neural network. These metrics are used to identify vulnerable neurons and weights and to guide the execution of bit attacks. Experimental results demonstrate that bit attacks guided by complex network metrics are significantly superior to random attacks, and attacks guided by Link Weights metrics require at most 50 bits to increase the neural network error by 80%.
KW - bit attack
KW - complex network theory
KW - deep neural networks
UR - https://www.scopus.com/pages/publications/85209798768
U2 - 10.1109/QRS-C63300.2024.00042
DO - 10.1109/QRS-C63300.2024.00042
M3 - Conference contribution
AN - SCOPUS:85209798768
T3 - Proceedings - 2024 IEEE 24th International Conference on Software Quality, Reliability and Security Companion, QRS-C 2024
SP - 260
EP - 268
BT - Proceedings - 2024 IEEE 24th International Conference on Software Quality, Reliability and Security Companion, QRS-C 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 24th IEEE International Conference on Software Quality, Reliability and Security Companion, QRS-C 2024
Y2 - 1 July 2024 through 5 July 2024
ER -