Recent advancements in side-channel attacks have revealed the vulnerability of modern Deep Neural Networks (DNNs) to malicious adversarial weight attacks. The well-studied RowHammer attack has effectively compromised DNN performance by inducing precise and deterministic bit-flips in the main memory (e.g., DRAM). Similarly, RowPress has emerged as another effective strategy for flipping targeted bits in DRAM. However, the impact of RowPress on deep learning applications has yet to be explored in the existing literature, leaving a fundamental research question unanswered: How does RowPress compare to RowHammer in leveraging bit-flip attacks to compromise DNN performance? This paper is the first to address this question and evaluate the impact of RowPress on DNN applications. We conduct a comparative analysis utilizing a novel DRAM-profile-aware attack designed to capture the distinct bit-flip patterns caused by RowHammer and RowPress. Experiments on eleven widely used DNN architectures, trained on different benchmark datasets and deployed on a Samsung DRAM chip, conclusively demonstrate that they suffer drastically more rapid performance degradation under the RowPress attack than under RowHammer. The difference between the underlying attack mechanisms of RowHammer and RowPress also renders existing RowHammer mitigation mechanisms ineffective under RowPress. As a result, RowPress introduces a new vulnerability paradigm for DNN compute platforms and unveils the urgent need for corresponding protective measures.