Seeds of SEED: NMT-Stroke: Diverting Neural Machine Translation through Hardware-based Faults
- 1 September 2021
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2021 International Symposium on Secure and Private Execution Environment Design (SEED)
Abstract
The rapid development of deep learning has significantly bolstered the performance of natural language processing (NLP) in the form of language modeling. Recent advances in hardware security studies have demonstrated that hardware-based threats can severely jeopardize the integrity of computing systems (e.g., fault attacks for data at rest). Internal adversaries exploiting such hardware vulnerabilities are becoming a major security concern. Yet the impact of hardware faults on systems running NLP models has not been fully understood. In this paper, we perform the first investigation of hardware-based fault injections in modern neural machine translation (NMT) models. We find that compared to neural network classifiers (e.g., CNNs), fault attacks on NMT models present unique challenges. We propose a novel attack framework, NMT-Stroke, that can maliciously divert the translation of a victim NMT model by modeling memory fault injections with the rowhammer attack vector. We design a fault injection strategy to minimize bit flips needed, which would mislead the translation to an arbitrary natural output sentence. Our evaluation on state-of-the-art Transformer-based NMT models shows that NMT-Stroke can effectively induce the attacker-desired and linguistically sound translation by faulting minimal parameter bits. Our work highlights the significance of understanding the robustness of emerging NLP models with the presence of hardware vulnerabilities, which could lead to future new research directions.
This publication has 26 references indexed in Scilit:
- A Survey on Automatic Detection of Hate Speech in Text. ACM Computing Surveys, 2018
- Survey of the State of the Art in Natural Language Generation: Core tasks, applications and evaluation. Journal of Artificial Intelligence Research, 2018
- Trojaning Attack on Neural Networks. Published by Internet Society, 2018
- Adversarial Examples for Evaluating Reading Comprehension Systems. Published by Association for Computational Linguistics (ACL), 2017
- Crafting adversarial input sequences for recurrent neural networks. Published by Institute of Electrical and Electronics Engineers (IEEE), 2016
- Drammer. Published by Association for Computing Machinery (ACM), 2016
- ANVIL. ACM SIGPLAN Notices, 2016
- Flipping bits in memory without accessing them. ACM SIGARCH Computer Architecture News, 2014
- Findings of the 2014 Workshop on Statistical Machine Translation. Published by Association for Computational Linguistics (ACL), 2014
- Long Short-Term Memory. Neural Computation, 1997