Explore a 12-minute conference presentation from USENIX Security '24 that delves into groundbreaking research on run-time Trojan injection attacks in deep neural networks (DNNs). Learn about a novel gray-box attack methodology called Groan, developed by researchers from Indiana University Bloomington and the Chinese Academy of Sciences, which demonstrates how Trojans can be injected into partially accessible DNN models through strategic bit-flipping. Discover how this attack works in realistic scenarios where only the encoder portion of a model is publicly accessible, and how it maintains model performance and bypasses current memory protection measures. Understand the evolution from traditional data poisoning attacks to more sophisticated run-time exploitation techniques, and examine the security implications for modern DNN implementations.
Overview
Syllabus
USENIX Security '24 - Tossing in the Dark: Practical Bit-Flipping on Gray-box Deep Neural Networks..
Taught by
USENIX