Artificial intelligence models run with NVIDIA GPUs could have their accuracy decrease from 80% to 0.1% through the new RowHammer attack variant dubbed "GPUHammer", reports The Hacker News.
With a significant reduction in AI model accuracy resulting from the tampering of ImageNet deep neural network models with a single-bit flip, GPUHammer could also be exploited to facilitate model parameter corruption, a study from University of Toronto researchers revealed. "Enabling Error Correction Codes (ECC) can mitigate this risk, but ECC can introduce up to a 10% slowdown for [machine learning] inference workloads on an A6000 GPU," said researchers. NVIDIA has likewise recommended the activation of system-level ECC to protect GPUs from the intrusion. "Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design specification, and system settings," noted NVIDIA. Such a development comes after NTT Social Informatics Laboratories and CentraleSupelec researchers' discovery of another RowHammer attack derivative dubbed "CrowHammer," which could compromise the Falcon post-quantum signature scheme.
With a significant reduction in AI model accuracy resulting from the tampering of ImageNet deep neural network models with a single-bit flip, GPUHammer could also be exploited to facilitate model parameter corruption, a study from University of Toronto researchers revealed. "Enabling Error Correction Codes (ECC) can mitigate this risk, but ECC can introduce up to a 10% slowdown for [machine learning] inference workloads on an A6000 GPU," said researchers. NVIDIA has likewise recommended the activation of system-level ECC to protect GPUs from the intrusion. "Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design specification, and system settings," noted NVIDIA. Such a development comes after NTT Social Informatics Laboratories and CentraleSupelec researchers' discovery of another RowHammer attack derivative dubbed "CrowHammer," which could compromise the Falcon post-quantum signature scheme.
