Security Risks in Deep Learning Implementations
Qixue Xiao, Kang Li, Deyue Zhang, Weilin Xu

TL;DR
This paper identifies security vulnerabilities in popular deep learning frameworks like TensorFlow and Caffe, demonstrating how attackers can exploit these flaws to cause system crashes, hijack control flow, or evade recognition in applications.
Contribution
It uncovers specific security vulnerabilities in deep learning frameworks and analyzes their impact on applications, emphasizing the need for improved security measures.
Findings
Framework vulnerabilities enable denial-of-service attacks.
Attackers can hijack control flow to compromise systems.
Vulnerabilities affect voice recognition and image classification.
Abstract
Advances in deep learning algorithms overshadow their security risk in software implementations. This paper discloses a set of vulnerabilities in popular deep learning frameworks including Caffe, TensorFlow, and Torch. In contrast to the small code size of deep learning models, these deep learning frameworks are complex and contain heavy dependencies on numerous open source packages. This paper considers the risks caused by these vulnerabilities by studying their impact on common deep learning applications such as voice recognition and image classification. By exploiting these framework implementations, attackers can launch denial-of-service attacks that crash or hang a deep learning application, or control-flow hijacking attacks that cause either system compromise or recognition evasion. The goal of this paper is to draw attention to the software implementations and call for the…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Security and Verification in Computing
