A Full-Stack Approach to Securing Compiled Neural Networks

PhD Thesis Proposal Defence


Title: "A Full-Stack Approach to Securing Compiled Neural Networks"

by

Mr. Yanzuo CHEN


Abstract:

Deep neural networks (DNNs) are increasingly deployed as compiled executables
produced by deep learning (DL) compilers to achieve high performance and
portability across heterogeneous hardware. This shift, however, fundamentally
changes the security landscape for machine learning systems: compiled DNNs
inherit existing attack surfaces, introduce new ones, and invalidate key
assumptions behind many prior defenses. This thesis argues that compiled DNNs
thus require full-stack defenses that leverage both their DNN and compiled
natures to protect them from emerging high- and low-level threats.

Starting with high-level threats like mispredictions caused by adversarial
examples and unexpected inputs, the thesis first introduces OBSan, a fast,
post hoc sanitizer to expose these attacks during inference. By detecting
out-of-bound (OOB) behaviors using lightweight computational operators
instrumented into compiled DNNs, OBSan strikes a good balance between
detection effectiveness and performance overhead compared to prior methods.
Moving down to systems- and infrastructure-level threats, the thesis then
reveals that DNN compilation introduces pervasive, structure-driven bit-flip
attack (BFA) surfaces that enable new high-impact, low-cost attacks and can
also render current defenses ineffective: attackers can turn a model into a
random guesser with a single bit flip and remain undetected by
state-of-the-art defenses. Finally, it delivers BitShield, a practical,
in-executable defense to mitigate BFAs on compiled DNNs. By introducing
semantic integrity checks coupled with code checksums, BitShield provides
proactive protection against both existing and new BFAs while maintaining a
production-suitable overhead.
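The two defence ideas in the abstract can be sketched on a toy model. The following pure-Python example is added here for illustration; it is not code from the thesis, OBSan or BitShield. It assumes a constructed 3-2-2 MLP whose float32 weights stand in for the data section of a compiled DNN, a constructed set of benign calibration inputs, a fixed probe input, CRC32 as the code checksum, and a single sign-bit flip as the fault injected to exercise the guard. The OBSan-style part learns per-neuron activation ranges from calibration data and flags inference-time activations that leave them; the BitShield-style part pairs a checksum over the weight bytes with a semantic known-answer check, so that a single flipped bit is caught both by the checksum and by the changed output on the probe.

```python
import struct
import zlib

# Constructed toy model standing in for a compiled DNN: a 3-2-2 MLP whose
# weights are serialised as little-endian float32, the way a compiled
# executable would carry them in a data section. All values are made up.
W1 = [[0.5, -0.25, 0.75], [0.125, 1.0, -0.5]]   # 3 inputs -> 2 hidden units
W2 = [[1.0, -1.0], [-0.5, 0.5]]                  # 2 hidden -> 2 outputs


def pack(matrix):
    """Serialise a weight matrix as little-endian float32 bytes."""
    return b"".join(struct.pack("<f", v) for row in matrix for v in row)


def unpack(blob, rows, cols):
    """Inverse of pack(): rebuild a rows x cols matrix from the byte blob."""
    vals = struct.unpack("<%df" % (rows * cols), blob)
    return [list(vals[r * cols:(r + 1) * cols]) for r in range(rows)]


def matvec(w, x):
    return [sum(wi * xi for wi, xi in zip(row, x)) for row in w]


def forward(w1, w2, x):
    """Return (logits, hidden activations) for one input vector (ReLU hidden layer)."""
    hidden = [max(0.0, v) for v in matvec(w1, x)]
    return matvec(w2, hidden), hidden


# --- OBSan-style sanitizer: learn per-neuron activation bounds from benign
# --- calibration data, then flag inference-time activations outside them.
def calibrate_bounds(w1, w2, samples):
    lo = [float("inf")] * len(w1)
    hi = [float("-inf")] * len(w1)
    for x in samples:
        _, hidden = forward(w1, w2, x)
        for i, v in enumerate(hidden):
            lo[i], hi[i] = min(lo[i], v), max(hi[i], v)
    return list(zip(lo, hi))


def oob_neurons(hidden, bounds):
    """Indices of hidden units whose activation left its calibrated range."""
    return [i for i, (v, (lo, hi)) in enumerate(zip(hidden, bounds))
            if v < lo or v > hi]


# --- BitShield-style guard: a checksum over the weight bytes plus a semantic
# --- check (a fixed probe input with its known-good output, recorded at build time).
def build_guard(blob1, blob2, probe):
    w1, w2 = unpack(blob1, 2, 3), unpack(blob2, 2, 2)
    expected, _ = forward(w1, w2, probe)
    return {"crc": zlib.crc32(blob1 + blob2), "probe": probe, "expected": expected}


def verify(blob1, blob2, guard, tol=1e-6):
    """Run both checks against the weight bytes currently in memory."""
    w1, w2 = unpack(blob1, 2, 3), unpack(blob2, 2, 2)
    actual, _ = forward(w1, w2, guard["probe"])
    return {
        "checksum_ok": zlib.crc32(blob1 + blob2) == guard["crc"],
        "semantic_ok": all(abs(a - e) <= tol
                           for a, e in zip(actual, guard["expected"])),
    }


def flip_bit(blob, byte_index, bit):
    """Constructed fault injection used only to test the guard: flip one bit."""
    data = bytearray(blob)
    data[byte_index] ^= 1 << bit
    return bytes(data)


# Constructed benign inputs for calibration and a fixed probe input (assumptions).
CALIBRATION = [[0, 0, 0], [1, 1, 1], [2, 2, 2], [1, 2, 3], [-1, 0, 1]]
PROBE = [1.0, 2.0, 3.0]

if __name__ == "__main__":
    blob1, blob2 = pack(W1), pack(W2)
    bounds = calibrate_bounds(W1, W2, CALIBRATION)
    _, h = forward(W1, W2, [10, 10, 10])
    print("OOB neurons for an unexpected input:", oob_neurons(h, bounds))
    guard = build_guard(blob1, blob2, PROBE)
    # Flip the sign bit of W1[0][0] (bit 7 of byte 3 in a little-endian float32).
    tampered = flip_bit(blob1, 3, 7)
    print("guard after one bit flip:", verify(tampered, blob2, guard))
```

The semantic check is what distinguishes this from a plain checksum: a fault that lands in code rather than data, or in a copy of the weights the checksum never covers, still changes the probe output, so the two checks fail in complementary situations. In a real deployment the probe and its expected output would be embedded in the executable alongside the checksum, and the bounds table would be computed once from representative benign data at build time.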

Collectively, these contributions establish both the necessity and
effectiveness of a comprehensive protection framework for compiled neural
networks and provide a foundation for future work on emerging security
challenges in DL compilation and deployment.


Date:                   Wednesday, 28 January 2026

Time:                   1:00pm - 3:00pm

Zoom Meeting:
https://hkust.zoom.us/j/97792434187?pwd=bFOlYH1aYd832NlR1WWQdWpckoA6Xc.1

Committee Members:      Dr. Shuai Wang (Supervisor)
                        Dr. Binhang Yuan (Chairperson)
                        Dr. Dimitris Papadopoulos