MLBFA: A Machine Learning-Guided Framework for Efficient Bit-Flip Attacks on Deep Neural Networks

Resumo

The deployment of Deep Neural Networks (DNNs) in safety-critical systems necessitates resilience against hardware threats like the Bit-Flip Attack (BFA). This challenge becomes particularly nuanced for quantized networks. Unlike their floating-point counterparts where single flips can be catastrophic, the inherent robustness of quantized models—the exclusive focus of this work—makes identifying critical bits computationally prohibitive. We introduce the Machine Learning-Guided Framework for Efficient BFAs (MLBFA), a novel framework that leverages Machine Learning (ML) to execute highly efficient Bit-Flip Attacks (BFAs). MLBFA operates in three stages: (1) it builds a Vulnerability Model (VM) from a limited statistical fault injection campaign using a multidimensional feature set; (2) it uses the VM to predict and rank the vulnerability of all parameters across the network; and (3) it exploits this ranking to guide advanced search algorithms (Greedy, Evolutionary, and Progressive) in identifying the minimal set of bit-flips required to neutralize the DNN. On quantized ResNet architectures, crucial for embedded systems, MLBFA consistently outperforms state-of-the-art methods, neutralizing a ResNet-32 with only six bit-flips and reducing the required flips by nearly 50% on deeper models like the ResNet-56. This work demonstrates that a holistic, ML-guided approach provides a superior strategic map for executing more potent hardware-level attacks with fewer resources.