Yes, One-Bit-Flip Matters! Universal DNN Model Inference Depletion with Runtime Code Fault Injection

Watch a 12-minute conference presentation from USENIX Security '24 that introduces FrameFlip, a groundbreaking attack method for depleting DNN model inference through runtime code fault injections. Learn how this Distinguished Paper Award-winning research achieves successful attacks using just a single bit-flip injection, differentiating it from existing approaches that require multiple concurrent faults. Explore how FrameFlip operates at the universal code level, affecting major machine learning frameworks like PyTorch and TensorFlow. Discover the implementation results across various model architectures and datasets using DRAM Rowhammer, demonstrating how a single fault injection can reduce model inference accuracy to random guessing levels. Understand why this attack proves particularly challenging to defend against, as it targets underlying code rather than specific model characteristics, making it effective across different deployed models while evading current defense mechanisms.