Compromising the Intelligence of Modern DNNs: On the Effectiveness of Targeted RowPress

TL;DR

This paper demonstrates that RowPress, a DRAM-based bit-flip attack, causes faster and more severe performance degradation in DNNs than RowHammer, exposing new vulnerabilities and the inadequacy of existing defenses.

Contribution

It is the first study to compare RowPress and RowHammer attacks on DNNs, revealing RowPress's higher effectiveness and the failure of current mitigation strategies.

Findings

RowPress causes faster DNN performance degradation than RowHammer.

Existing RowHammer defenses are ineffective against RowPress.

DNNs are highly vulnerable to targeted DRAM bit-flip attacks.

Abstract

Recent advancements in side-channel attacks have revealed the vulnerability of modern Deep Neural Networks (DNNs) to malicious adversarial weight attacks. The well-studied RowHammer attack has effectively compromised DNN performance by inducing precise and deterministic bit-flips in the main memory (e.g., DRAM). Similarly, RowPress has emerged as another effective strategy for flipping targeted bits in DRAM. However, the impact of RowPress on deep learning applications has yet to be explored in the existing literature, leaving a fundamental research question unanswered: How does RowPress compare to RowHammer in leveraging bit-flip attacks to compromise DNN performance? This paper is the first to address this question and evaluate the impact of RowPress on DNN applications. We conduct a comparative analysis utilizing a novel DRAM-profile-aware attack designed to capture the distinct bit-flip patterns caused by RowHammer and RowPress. Eleven widely-used DNN architectures trained on different benchmark datasets deployed on a Samsung DRAM chip conclusively demonstrate that they suffer from a drastically more rapid performance degradation under the RowPress attack compared to RowHammer. The difference in the underlying attack mechanism of RowHammer and RowPress also renders existing RowHammer mitigation mechanisms ineffective under RowPress. As a result, RowPress introduces a new vulnerability paradigm for DNN compute platforms and unveils the urgent need for corresponding protective measures.