Saturday 01 February 2025
Deep learning models have revolutionized many fields, but they are vulnerable to attacks that can significantly degrade their performance. One such attack, called RowPress, targets the memory chips of the systems these models run on. A recent study explored the impact of RowPress on deep neural networks and reported some alarming results.
RowPress works by manipulating the memory cells in the DRAM (Dynamic Random Access Memory) chips used to store the model’s weights and biases. By selectively flipping bits in these memory cells, an attacker can cause the model to behave erratically or make incorrect predictions. The study found that RowPress is significantly more effective at degrading model performance than another type of attack called RowHammer.
The researchers tested RowPress on a range of deep learning models, including those used for image and speech recognition. They found that even with a relatively small number of bit flips, the models’ accuracy could be significantly reduced. In some cases, the models were unable to learn at all after being attacked by RowPress.
One of the most concerning aspects of RowPress is its potential to be used in real-world attacks. The study showed that an attacker could use RowPress to steal sensitive information or disrupt critical systems without being detected. For example, an attacker could use RowPress to compromise a self-driving car’s navigation system or a medical device’s diagnosis software.
The researchers also found that existing defenses against RowHammer were not effective against RowPress. This means that developers of deep learning models must take additional steps to protect their systems from this type of attack.
To mitigate the effects of RowPress, the researchers proposed several solutions. These included using more robust memory cells, implementing additional security measures such as encryption and access controls, and developing new algorithms that are resistant to bit flips.
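To make the effect of a flipped bit in a stored weight concrete, and to show one simple software check in the spirit of the defenses above, here is an added example that is not taken from the study or from this article. It assumes float32 weights held in a byte buffer and a CRC32 recorded per block of weights at load time; the block size, the function names and the sample weights are constructed for illustration.

```python
import struct
import zlib

BLOCK = 4  # weights per checksummed block (assumed size for this demo)

def pack_weights(weights):
    """Serialize float32 weights the way they would sit in memory."""
    return bytearray(struct.pack(f"<{len(weights)}f", *weights))

def block_checksums(buf, block=BLOCK):
    """One CRC32 per block of `block` float32 weights."""
    step = block * 4
    return [zlib.crc32(bytes(buf[i:i + step])) for i in range(0, len(buf), step)]

def flip_bit(buf, weight_index, bit):
    """Simulate a single memory bit flip; bit 0 is the LSB of the float32."""
    buf[weight_index * 4 + bit // 8] ^= 1 << (bit % 8)  # little-endian layout

def read_weight(buf, index):
    """Decode one float32 weight from the buffer."""
    return struct.unpack_from("<f", buf, index * 4)[0]

def corrupted_blocks(buf, reference, block=BLOCK):
    """Indices of blocks whose current CRC32 differs from the reference."""
    current = block_checksums(buf, block)
    return [i for i, (now, ref) in enumerate(zip(current, reference)) if now != ref]

def demo():
    # Constructed sample weights, all exactly representable in float32.
    weights = [0.5, -0.25, 0.125, 0.75, -0.5, 0.3125, 0.0625, -0.125]
    buf = pack_weights(weights)
    reference = block_checksums(buf)       # recorded while the weights are known good
    flip_bit(buf, weight_index=5, bit=30)  # most significant exponent bit of weight 5
    return read_weight(buf, 5), corrupted_blocks(buf, reference)

if __name__ == "__main__":
    value, bad = demo()
    print(f"weight 5 after one flipped bit: {value:.3e}")  # was 0.3125
    print(f"blocks failing the integrity check: {bad}")
```

A single flip in the exponent turns a weight of 0.3125 into a value on the order of 1e38, which is why a small number of flips can be enough to change a model's output. The per-block checksum only detects the corruption; recovery would still require reloading the affected block from a trusted copy.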
The study’s findings have significant implications for the development and deployment of deep learning models. As these models become increasingly ubiquitous in our daily lives, it is essential that developers take steps to protect them from attacks like RowPress.
Beyond its potential use in real-world attacks, RowPress also highlights the need for more rigorous testing and validation of deep learning models. The study’s findings suggest that even highly complex models can be vulnerable to bit flips.
Overall, the study’s results are a wake-up call for the development community.
Cite this article: “Deep Learning Models Under Threat: RowPress Attack Exposes Vulnerabilities”, The Science Archive, 2025.