Forget and Rewire: Enhancing the Resilience of Transformer-based Models against Bit-Flip Attacks

Najmeh Nazari, Hossein Sayadi, Setareh Rafatirad, Khaled N. Khasawneh, Houman Homayoun

33rd USENIX Security Symposium · Day 1 · USENIX Security '24

**Transformer-based models** underpin critical applications from text generation to image classification, so their inherent vulnerabilities pose a significant threat. This talk, presented by Najmeh Nazari of the University of California, Davis, with her co-authors, describes a novel approach to hardening these models against **bit-flip attacks**. The research introduces an operation called "Forget and Rewire" (F&R), inspired by neuroplasticity, that dynamically reconfigures model connections to improve resilience without compromising performance.

AI review

This research introduces "Forget and Rewire" (F&R), a novel, neuroplasticity-inspired defense against bit-flip attacks in Transformer models. By intelligently redistributing critical parameter importance, F&R quadratically increases attacker effort while maintaining model accuracy and requiring no retraining. It's a practical, high-impact defense for real-world AI deployment.
