BitShield: Defending Against Bit-Flip Attacks on DNN Executables
Yanzuo Chen
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · DNN Attack Surfaces
As artificial intelligence (AI) systems become integrated into critical aspects of daily life, from autonomous vehicles to financial services, the need for their robust security grows with them. Insecure AI systems can lead to severe consequences, including misclassifications, financial losses, or even dangerous operational failures. Much attention has historically been paid to high-level adversarial attacks such as adversarial examples, backdoors, and model stealing. This talk by Yanzuo Chen, presenting joint work with Yen Leang and Wangai, addresses a more fundamental and often overlooked threat: **bit-flip attacks (BFAs)** on Deep Neural Network (DNN) executables, where a fault injected into memory (for example by Rowhammer) corrupts the compiled model rather than its inputs.
AI review
BitShield addresses a genuinely underexplored attack surface — the compiled code of DNN executables, not just model weights — and backs it with a technically coherent defense combining semantic monitoring, checksum fusion via masking/unmasking, and canary-based early termination. The results are credible: 100% mitigation of code-based BFAs and 93% reduction in weight-based ASR at 2.47% overhead. This is real systems security work, not ML security theater.
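To make the threat concrete, the following added example (written for this page, not code from the BitShield paper or its authors) simulates a single-bit fault in the packed float32 weights of a toy layer and shows why one flipped exponent bit is catastrophic while one flipped mantissa bit is nearly invisible. It then shows that a simple integrity checksum over the weight bytes catches both. The weights, the CRC-32 check and the helper names are all assumptions for illustration; BitShield's actual defense (semantic monitoring, checksum fusion via masking/unmasking, canaries) is a different and stronger design that this snippet does not reproduce.

```python
import struct
import zlib

# Constructed toy layer weights (illustration only, not from the paper).
WEIGHTS = [0.5, -0.25, 1.0, 0.125]


def pack(weights):
    """Serialize weights as little-endian IEEE-754 float32, as a DNN
    executable would embed them in its data section."""
    return struct.pack(f"<{len(weights)}f", *weights)


def unpack(buf):
    return list(struct.unpack(f"<{len(buf) // 4}f", buf))


def flip_bit(buf, bit_index):
    """Flip one bit of a byte buffer, mimicking a Rowhammer-style fault.
    bit_index counts from bit 0 of byte 0 (little-endian layout)."""
    b = bytearray(buf)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)


def checksum(buf):
    """Illustrative integrity tag. CRC-32 detects accidental faults but is
    trivially recomputable by an attacker who can also write the tag, so
    a real defense must bind the check to something the attacker cannot
    forge (BitShield fuses it into the computation; not reproduced here)."""
    return zlib.crc32(buf) & 0xFFFFFFFF


def verify(buf, expected):
    return checksum(buf) == expected


def simulate(bit_index):
    """Inject one bit flip into the packed weights and report
    (corrupted weights, was_the_corruption_detected)."""
    clean = pack(WEIGHTS)
    tag = checksum(clean)
    faulty = flip_bit(clean, bit_index)
    return unpack(faulty), not verify(faulty, tag)


if __name__ == "__main__":
    # Weight 0 is 0.5 = 0x3F000000. Bit 30 is the top exponent bit:
    # flipping it turns 0.5 into 2**127, about 1.7e38.
    print(simulate(30))
    # Bit 31 is the sign bit: 0.5 becomes -0.5.
    print(simulate(31))
    # Bit 0 is the lowest mantissa bit: 0.5 becomes 0.5 + 2**-24,
    # invisible to accuracy but still caught by the checksum.
    print(simulate(0))
```

The exponent-bit case is why weight-based BFAs need only a handful of flips to destroy accuracy; the mantissa-bit case is why a detector that only watches output semantics can miss a fault that a byte-level integrity check would catch.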