{"id":"https://openalex.org/W4312596145","doi":"https://doi.org/10.1109/tc.2022.3211411","title":"Generating Robust DNN With Resistance to Bit-Flip Based Adversarial Weight Attack","display_name":"Generating Robust DNN With Resistance to Bit-Flip Based Adversarial Weight Attack","publication_year":2022,"publication_date":"2022-10-04","ids":{"openalex":"https://openalex.org/W4312596145","doi":"https://doi.org/10.1109/tc.2022.3211411"},"language":"en","primary_location":{"id":"doi:10.1109/tc.2022.3211411","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tc.2022.3211411","pdf_url":null,"source":{"id":"https://openalex.org/S157670870","display_name":"IEEE Transactions on Computers","issn_l":"0018-9340","issn":["0018-9340","1557-9956","2326-3814"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computers","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5044443649","display_name":"Liang Liu","orcid":"https://orcid.org/0000-0002-7047-1794"},"institutions":[{"id":"https://openalex.org/I170201317","display_name":"University of Pittsburgh","ror":"https://ror.org/01an3r305","country_code":"US","type":"education","lineage":["https://openalex.org/I170201317"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Liang Liu","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Pittsburgh, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Pittsburgh, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I170201317"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049646773","display_name":"Yanan Guo","orcid":"https://orcid.org/0000-0003-0034-0358"},"institutions":[{"id":"https://openalex.org/I170201317","display_name":"University of Pittsburgh","ror":"https://ror.org/01an3r305","country_code":"US","type":"education","lineage":["https://openalex.org/I170201317"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yanan Guo","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Pittsburgh, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Pittsburgh, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I170201317"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047799795","display_name":"Yueqiang Cheng","orcid":"https://orcid.org/0000-0002-6277-340X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yueqiang Cheng","raw_affiliation_strings":["Security Research Department, NIO Company, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Security Research Department, NIO Company, Shanghai, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026996875","display_name":"Youtao Zhang","orcid":"https://orcid.org/0000-0001-8425-8743"},"institutions":[{"id":"https://openalex.org/I170201317","display_name":"University of Pittsburgh","ror":"https://ror.org/01an3r305","country_code":"US","type":"education","lineage":["https://openalex.org/I170201317"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Youtao Zhang","raw_affiliation_strings":["Department of Computer science, University of Pittsburgh, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer science, University of Pittsburgh, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I170201317"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101605460","display_name":"Jun Yang","orcid":"https://orcid.org/0000-0001-8372-6541"},"institutions":[{"id":"https://openalex.org/I170201317","display_name":"University of Pittsburgh","ror":"https://ror.org/01an3r305","country_code":"US","type":"education","lineage":["https://openalex.org/I170201317"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jun Yang","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Pittsburgh, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Pittsburgh, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I170201317"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5044443649"],"corresponding_institution_ids":["https://openalex.org/I170201317"],"apc_list":null,"apc_paid":null,"fwci":4.9643,"has_fulltext":false,"cited_by_count":36,"citation_normalized_percentile":{"value":0.95812897,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"72","issue":"2","first_page":"401","last_page":"413"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10502","display_name":"Advanced Memory and Neural Computing","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12808","display_name":"Ferroelectric and Negative Capacitance Devices","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7389128804206848},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.5842223167419434},{"id":"https://openalex.org/keywords/bit","display_name":"Bit (key)","score":0.48496508598327637},{"id":"https://openalex.org/keywords/dram","display_name":"Dram","score":0.475728303194046},{"id":"https://openalex.org/keywords/latency","display_name":"Latency (audio)","score":0.42090409994125366},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.4163757264614105},{"id":"https://openalex.org/keywords/encoding","display_name":"Encoding (memory)","score":0.41007715463638306},{"id":"https://openalex.org/keywords/arithmetic","display_name":"Arithmetic","score":0.36460787057876587},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.36139822006225586},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.31337422132492065},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.309515118598938},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.22810274362564087},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.13554421067237854},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.11986204981803894}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7389128804206848},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.5842223167419434},{"id":"https://openalex.org/C117011727","wikidata":"https://www.wikidata.org/wiki/Q1278488","display_name":"Bit (key)","level":2,"score":0.48496508598327637},{"id":"https://openalex.org/C7366592","wikidata":"https://www.wikidata.org/wiki/Q1255620","display_name":"Dram","level":2,"score":0.475728303194046},{"id":"https://openalex.org/C82876162","wikidata":"https://www.wikidata.org/wiki/Q17096504","display_name":"Latency (audio)","level":2,"score":0.42090409994125366},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.4163757264614105},{"id":"https://openalex.org/C125411270","wikidata":"https://www.wikidata.org/wiki/Q18653","display_name":"Encoding (memory)","level":2,"score":0.41007715463638306},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.36460787057876587},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.36139822006225586},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.31337422132492065},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.309515118598938},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.22810274362564087},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.13554421067237854},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.11986204981803894},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tc.2022.3211411","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tc.2022.3211411","pdf_url":null,"source":{"id":"https://openalex.org/S157670870","display_name":"IEEE Transactions on Computers","issn_l":"0018-9340","issn":["0018-9340","1557-9956","2326-3814"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computers","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.550000011920929,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W1673923490","https://openalex.org/W2120775753","https://openalex.org/W2155883880","https://openalex.org/W2300242332","https://openalex.org/W2337480911","https://openalex.org/W2404948481","https://openalex.org/W2522718524","https://openalex.org/W2585270215","https://openalex.org/W2593313312","https://openalex.org/W2612687770","https://openalex.org/W2628319348","https://openalex.org/W2807765471","https://openalex.org/W2884150179","https://openalex.org/W2895073576","https://openalex.org/W2963122961","https://openalex.org/W2963273111","https://openalex.org/W2963367920","https://openalex.org/W2963480671","https://openalex.org/W2964333506","https://openalex.org/W2964346747","https://openalex.org/W2974891422","https://openalex.org/W2981860227","https://openalex.org/W2984103614","https://openalex.org/W3002446690","https://openalex.org/W3034665124","https://openalex.org/W3092411122","https://openalex.org/W3102836279","https://openalex.org/W3102933117","https://openalex.org/W4233459511","https://openalex.org/W4238817530","https://openalex.org/W4242053016","https://openalex.org/W4245276998","https://openalex.org/W4288409632","https://openalex.org/W4293846201","https://openalex.org/W4312381597","https://openalex.org/W6628261430","https://openalex.org/W6637162671","https://openalex.org/W6732938580","https://openalex.org/W6739868092","https://openalex.org/W6752765571","https://openalex.org/W6752985256","https://openalex.org/W6753937820","https://openalex.org/W6755424845","https://openalex.org/W6760905627","https://openalex.org/W6766978945","https://openalex.org/W6775611046","https://openalex.org/W6790153967"],"related_works":["https://openalex.org/W4315780078","https://openalex.org/W4225161019","https://openalex.org/W4312326921","https://openalex.org/W3094843325","https://openalex.org/W4221146314","https://openalex.org/W4385573583","https://openalex.org/W3112862192","https://openalex.org/W2947920725","https://openalex.org/W3142814525","https://openalex.org/W2051801288"],"abstract_inverted_index":{"Rowhammer":[0],"Attack,":[1],"a":[2,36,54,75,94,187,235],"new":[3,37],"DRAM-based":[4],"attack,":[5,238],"was":[6,43],"developed":[7,44],"exploiting":[8],"weak":[9],"cells":[10],"to":[11,28,134,191,225,249],"alter":[12],"their":[13],"content.":[14],"Such":[15],"attacks":[16],"can":[17,82],"be":[18],"launched":[19],"at":[20],"the":[21,29,59,69,101,119,136,155,164,169,173,184,215,243],"user":[22],"level":[23],"without":[24],"requiring":[25],"access":[26],"permission":[27],"victim":[30],"memory":[31],"cells.":[32],"Leveraging":[33],"such":[34],"attacks,":[35],"bit-flip-based":[38],"adversarial":[39,62],"weights":[40],"attack":[41,63],"(BFA)":[42],"targeting":[45],"deep":[46],"neural":[47],"network":[48],"models.":[49],"When":[50],"BFA":[51,190,217],"attackers":[52],"acquire":[53],"DNN":[55,61,71],"model,":[56],"they":[57,81],"manipulate":[58],"existing":[60,216],"into":[64],"locating":[65],"vulnerable":[66,146,150,179],"bits":[67,147,176,203,212],"in":[68,100,124],"target":[70],"model.":[72],"By":[73],"flipping":[74,118],"subset":[76],"of":[77,139,175,186,227],"them":[78],"using":[79],"Rowhammer,":[80],"crash":[83],"that":[84],"model":[85,140,206],"within":[86],"30":[87],"trails.":[88],"In":[89],"this":[90],"paper,":[91],"we":[92,130,231],"propose":[93],"lightweight":[95],"and":[96,105,113,142,207,209,221,240],"easy-to-deploy":[97],"defense":[98,244],"mechanism":[99],"bit-level,":[102],"Randomized":[103],"Rotated":[104],"Nonlinear":[106],"Encoding":[107],"(RREC),":[108],"which":[109],"generates":[110],"both":[111],"robustness":[112],"fault-tolerant":[114],"against":[115,234],"BFA.":[116],"Since":[117],"most":[120],"significant":[121],"bit":[122,137,189],"(MSB)":[123],"quantized":[125],"data":[126,141],"is":[127],"too":[128],"dangerous,":[129],"introduce":[131],"randomized":[132],"Rotation":[133],"obfuscate":[135],"order":[138],"efficiently":[143],"hide":[144],"truly":[145],"with":[148,194,214,223],"less":[149],"ones.":[151],"Further,":[152],"RREC":[153,182,197,233],"reduces":[154],"average":[156],"bit-flipped":[157],"distance":[158,171],"by":[159],"more":[160,199,211],"than":[161,200],"3x":[162],"from":[163,246],"nonlinear":[165],"encoding.":[166],"It":[167],"decreases":[168],"bit-flip":[170],"among":[172],"majority":[174],"(including":[177],"those":[178],"bits).":[180],"Theoretically,":[181],"minimized":[183],"impact":[185],"single":[188],"1/24":[192],"compared":[193,213],"baseline.":[195],"Experimentally,":[196],"tolerates":[198],"17x":[201],"flipped":[202],"versus":[204],"baseline":[205],"4.8x":[208],"5.7x":[210],"defenses":[218],"(4B":[219],"QAT":[220],"WR)":[222],"0.01x":[224],"0.08x":[226],"runtime":[228],"latency.":[229],"Moreover,":[230],"evaluate":[232],"newly":[236],"emerged":[237],"Targeted-BFA,":[239],"it":[241],"improves":[242],"rate":[245],"<inline-formula><tex-math":[247,250],"notation=\"LaTeX\">$5\\%$</tex-math></inline-formula>":[248],"notation=\"LaTeX\">$95\\%$</tex-math></inline-formula>":[251],".":[252]},"counts_by_year":[{"year":2025,"cited_by_count":12},{"year":2024,"cited_by_count":15},{"year":2023,"cited_by_count":9}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}