BEGIN:VCALENDAR
VERSION:2.0
PRODID:Linklings LLC
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20240626T180033Z
LOCATION:3002\, 3rd Floor
DTSTART;TZID=America/Los_Angeles:20240626T163000
DTEND;TZID=America/Los_Angeles:20240626T164500
UID:dac_DAC 2024_sess106_RESEARCH293@linklings.com
SUMMARY:DNN-Defender: A Victim-Focused In-DRAM Defense Mechanism for Tamin
 g Adversarial Weight Attack on DNNs
DESCRIPTION:Research Manuscript\n\nRanyang Zhou (New Jersey Institute of T
 echnology); Sabbir Ahmed (State University of New York, Binghamton); Adnan
  Siraj Rakin (Binghamton University); and Shaahin Angizi (New Jersey Insti
 tute of Technology)\n\nWith deep learning deployed in many security-sensit
 ive areas, machine learning security is becoming progressively important. 
 Recent studies demonstrate that attackers can use system-level techniques
  exploiting the RowHammer vulnerability of DRAM to deterministically and
  precisely flip bits in Deep Neural Networks (DNN) model weights to affect
  inference accuracy. The existing defense mechanisms are software-based,
  such 
 as weight reconstruction requiring expensive training overhead or performa
 nce degradation. On the other hand, generic hardware-based victim-/aggress
 or-focused mechanisms impose expensive hardware overheads and preserve the
  spatial connection between victim and aggressor rows. In this paper, we p
 resent the first DRAM-based victim-focused defense mechanism tailored for 
 quantized DNNs, named DNN-Defender that leverages the potential of in-DRAM
  swapping to withstand the targeted bit-flip attacks with a priority prote
 ction mechanism. Our results indicate that DNN-Defender can deliver a high
  level of protection downgrading the performance of targeted RowHammer att
 acks to a random attack level. In addition, the proposed defense has no ac
 curacy drop on CIFAR-10 and ImageNet datasets without requiring any softwa
 re training or incurring hardware overhead.\n\nTopic: AI, Security\n\nKeyw
 ord: AI/ML Security/Privacy\n\nSession Chair: Benjamin Tan (University of 
 Calgary)
END:VEVENT
END:VCALENDAR
