Search Results for author:
Found 19 papers, 7 papers with code
DNN-Defender: An in-DRAM Deep Neural Network Defense Mechanism for Adversarial Weight Attack
With deep learning deployed in many security-sensitive areas, machine learning security is becoming progressively important.
Model Extraction Attacks on Split Federated Learning
We show that under practical cases, the proposed ME attacks work exceptionally well for SFL.
SSDA: Secure Source-Free Domain Adaptation
Source-free domain adaptation (SFDA) is a popular unsupervised domain adaptation method where a pre-trained model from a source domain is adapted to a target domain without accessing any source data.
ResSFL: A Resistance Transfer Framework for Defending Model Inversion Attack in Split Federated Learning
While such a scheme helps reduce the computational load at the client end, it opens itself to reconstruction of raw data from intermediate activation by the server.
Rep-Net: Efficient On-Device Learning via Feature Reprogramming
To develop memory-efficient on-device transfer learning, in this work, we are the first to approach the concept of transfer learning from a new perspective of intermediate feature reprogramming of a pre-trained model (i. e., backbone).
DeepSteal: Advanced Model Extractions Leveraging Efficient Weight Stealing in Memories
Secondly, we propose a novel substitute model training algorithm with Mean Clustering weight penalty, which leverages the partial leaked bit information effectively and generates a substitute prototype of the target victim model.
RA-BNN: Constructing Robust & Accurate Binary Neural Network to Simultaneously Defend Adversarial Bit-Flip Attack and Improve Accuracy
Apart from recovering the inference accuracy, our RA-BNN after growing also shows significantly higher resistance to BFA.
RADAR: Run-time Adversarial Weight Attack Detection and Accuracy Recovery
In this work, we propose RADAR, a Run-time adversarial weight Attack Detection and Accuracy Recovery scheme to protect DNN weights against PBFA.
$DA^3$:Dynamic Additive Attention Adaption for Memory-EfficientOn-Device Multi-Domain Learning
We observe that large memory used for activation storage is the bottleneck that largely limits the training time and cost on edge devices.
Deep-Dup: An Adversarial Weight Duplication Attack Framework to Crush Deep Neural Network in Multi-Tenant FPGA
Specifically, she can aggressively overload the shared power distribution system of FPGA with malicious power-plundering circuits, achieving adversarial weight duplication (AWD) hardware attack that duplicates certain DNN weight packages during data transmission between off-chip memory and on-chip buffer, to hijack the DNN function of the victim tenant.
T-BFA: Targeted Bit-Flip Adversarial Weight Attack
Prior works of BFA focus on un-targeted attack that can hack all inputs into a random output class by flipping a very small number of weight bits stored in computer memory.
Robust Machine Learning via Privacy/Rate-Distortion Theory
Robust machine learning formulations have emerged to address the prevalent vulnerability of deep neural networks to adversarial examples.
DeepHammer: Depleting the Intelligence of Deep Neural Networks through Targeted Chain of Bit Flips
Security of machine learning is increasingly becoming a major concern due to the ubiquitous deployment of deep learning in many security-sensitive domains.
TBT: Targeted Neural Network Attack with Bit Trojan
However, when the attacker activates the trigger by embedding it with any input, the network is forced to classify all inputs to a certain target class.
Robust Sparse Regularization: Simultaneously Optimizing Neural Network Robustness and Compactness
In this work, we show that shrinking the model size through proper weight pruning can even be helpful to improve the DNN robustness under adversarial attack.
Bit-Flip Attack: Crushing Neural Network with Progressive Bit Search
Several important security issues of Deep Neural Network (DNN) have been raised recently associated with different applications and components.
Parametric Noise Injection: Trainable Randomness to Improve Deep Neural Network Robustness against Adversarial Attack
Training the network with Gaussian noise is an effective technique to perform model regularization, thus improving model robustness against input variation.
Defend Deep Neural Networks Against Adversarial Examples via Fixed and Dynamic Quantized Activation Functions
Recent studies have shown that deep neural networks (DNNs) are vulnerable to adversarial attacks.
Blind Pre-Processing: A Robust Defense Method Against Adversarial Examples
Blind pre-processing improves the white box attack accuracy of MNIST from 94. 3\% to 98. 7\%.
