Traditional Deep Neural Network (DNN) security is mostly related to the well-known adversarial input example attack. Recently, another dimension of adversarial attack, namely, attack on DNN weight parameters, has been shown to be very powerful. As a representative one, the Bit-Flip based adversarial weight Attack (BFA) injects an extremely small amount of faults into weight parameters to hijack the executing DNN function. Prior works of BFA focus on un-targeted attacks that can hack all inputs into a random output class by flipping a very small number of weight bits stored in computer memory. This paper proposes the first work of targeted BFA based (T-BFA) adversarial weight attack on DNNs, which can intentionally mislead selected inputs to a target output class. The objective is achieved by identifying the weight bits that are highly associated with classification of a targeted output through a class-dependent weight bit searching algorithm. Our proposed T-BFA performance is successfully demonstrated on multiple DNN architectures for image classification tasks. For example, by merely flipping 27 out of 88 million weight bits of ResNet-18, our T-BFA can misclassify all the images from Hen class into Goose class (i.e., 100% attack success rate) in ImageNet dataset, while maintaining 59.35% validation accuracy.
DOI: http://dx.doi.org/10.1109/TPAMI.2021.3112932
Comput Biol Chem
January 2025
College of Biomedical Engineering, Sichuan University, Chengdu 610065, China.
RNA methylation, particularly through m6A modification, represents a crucial epigenetic mechanism that governs gene expression and influences a range of biological functions. Accurate identification of methylation sites is crucial for understanding their biological functions. Traditional experimental methods, however, are often costly and can be influenced by experimental conditions, making machine learning, especially deep learning techniques, a vital tool for m6A site identification.
A variety of deep generative models have been adopted to perform functional protein generation. Compared to 3D protein design, sequence-based generation methods, which aim to generate amino acid sequences with desired functions, remain a major approach for functional protein generation due to the abundance and quality of protein sequence data, as well as the relatively low modeling complexity for training. Although these models are typically trained to match protein sequences from the training data, exact matching of every amino acid is not always essential.
Sci Rep
January 2025
Department of Nephrology, Kanazawa Medical University, 1-1 Daigaku, Uchinada, 920-0293, Ishikawa, Japan.
To decrease the number of chronic kidney disease (CKD), early diagnosis of diabetic kidney disease is required. We performed invariant information clustering (IIC)-based clustering on glomerular images obtained from nephrectomized kidneys of patients with and without diabetes. We also used visualizing techniques (gradient-weighted class activation mapping (Grad-CAM) and generative adversarial networks (GAN)) to identify the novel and early pathological changes on light microscopy in diabetic nephropathy.
Jpn J Radiol
January 2025
Department of Diagnostic Imaging and Nuclear Medicine, Graduate School of Medicine, Kyoto University, 54 Shogoin Kawahara-Cho, Sakyo-Ku, Kyoto, 606-8507, Japan.
Purpose: Magnetization prepared rapid gradient echo (MPRAGE) is a useful three-dimensional (3D) T1-weighted sequence, but is not a priority in routine brain examinations. We hypothesized that converting 3D MRI localizer (AutoAlign Head) images to MPRAGE-like images with deep learning (DL) would be beneficial for diagnosing and researching dementia and neurodegenerative diseases. We aimed to establish and evaluate a DL-based model for generating MPRAGE-like images from MRI localizers.
Sci Rep
January 2025
School of Mechanical, Electrical, and Information Engineering, Putian University, Putian, 351100, China.
Noise label learning has attracted considerable attention owing to its ability to leverage large amounts of inexpensive and imprecise data. Sharpness aware minimization (SAM) has shown effective improvements in the generalization performance in the presence of noisy labels by introducing adversarial weight perturbations in the model parameter space. However, our experimental observations have shown that the SAM generalization bottleneck primarily stems from the difficulty of finding the correct adversarial perturbation amidst the noisy data.