
DRAM-Locker: A General-Purpose DRAM Protection Mechanism against Adversarial DNN Weight Attacks

Published 14 Dec 2023 in cs.AR | (2312.09027v1)

Abstract: In this work, we propose DRAM-Locker as a robust general-purpose defense mechanism that can protect DRAM against various adversarial Deep Neural Network (DNN) weight attacks affecting data or page tables. DRAM-Locker harnesses the capabilities of in-DRAM swapping combined with a lock-table to prevent attackers from singling out specific DRAM rows, thereby safeguarding the DNN's weight parameters. Our results indicate that DRAM-Locker can deliver a high level of protection, downgrading the performance of targeted weight attacks to a random attack level. Furthermore, the proposed defense mechanism demonstrates no reduction in accuracy when applied to CIFAR-10 and CIFAR-100. Importantly, DRAM-Locker neither necessitates any software retraining nor results in extra hardware burden.
