Memory and Storage
Similar to conventional programs, hardware infrastructures can also introduce threats to LLMs. Memory-related vulnerabilities, such as rowhammer attacks [160], can be leveraged to manipulate the parameters of LLMs, giving rise to attacks such as the DeepHammer attack [167], [168].
ENTITY
1 - Human
INTENT
1 - Intentional
TIMING
1 - Pre-deployment
Risk ID
mit27
Domain lineage
2. Privacy & Security
2.2 > AI system security vulnerabilities and attacks
Mitigation strategy
1. **Implement Hardware-Level Rowhammer Mitigations:** Utilize advanced hardware features such as **Target Row Refresh (TRR)**, **Probabilistic Row Activation Counting (PRAC)**, or machine learning-based detection within the memory controller (MC) or DRAM to reliably detect and prevent aggressive memory access patterns that induce bit flips. This directly addresses the underlying hardware vulnerability.
2. **Deploy Runtime Model Integrity Verification:** Employ integrity verification mechanisms (e.g., **HashTAG** or checksums) at runtime to continuously monitor the model's parameters. This allows for the immediate detection of unauthorized modifications, such as those caused by bit-flip attacks, and ensures the integrity of the Large Language Model's (LLM) weights before inference.
3. **Incorporate Model-Level Bit-Flip Attack (BFA) Defenses:** Integrate defensive techniques at the neural network architecture level, such as **model obfuscation** (e.g., inserting dummy layers or neurons) or **quantization/binarization** of model weights. These methods are designed to significantly increase the number of precise bit flips required to degrade the model's accuracy, thus raising the cost and difficulty of a successful DeepHammer-style attack.
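An added illustration of the runtime integrity check in item 2, written for this entry rather than taken from HashTAG or the cited papers: weights are serialized as they would sit in DRAM, a digest is kept per fixed-size block, and a verifier recomputes the digests before inference to detect and localize a flipped bit. The block size, the choice of BLAKE2b, and the `flip_bit` test helper are assumptions of this example.

```python
import hashlib
import random
import struct
from typing import List, Tuple

# Hypothetical per-block tagging scheme (not HashTAG's actual design): one
# digest per fixed-size block of the serialized weight buffer, so a verifier
# can both detect an unauthorized change and localize it to a block.
BLOCK_SIZE = 64  # bytes per protected block (16 float32 weights)

def serialize_weights(weights: List[float]) -> bytearray:
    """Pack float32 weights into the raw byte layout a model would hold in memory."""
    return bytearray(struct.pack(f"<{len(weights)}f", *weights))

def build_tags(buf: bytes, block_size: int = BLOCK_SIZE) -> List[bytes]:
    """Compute a reference digest for every block of the weight buffer.
    Tags must live where a memory fault cannot reach them (e.g. ECC-protected
    or read-only storage); otherwise a flip could be masked by re-tagging."""
    return [hashlib.blake2b(buf[i:i + block_size], digest_size=16).digest()
            for i in range(0, len(buf), block_size)]

def verify_tags(buf: bytes, tags: List[bytes], block_size: int = BLOCK_SIZE) -> List[int]:
    """Recompute digests and return the indices of blocks that no longer match."""
    current = build_tags(buf, block_size)
    if len(current) != len(tags):
        raise ValueError("buffer length changed; stored tags do not cover it")
    return [i for i, (now, ref) in enumerate(zip(current, tags)) if now != ref]

def flip_bit(buf: bytearray, bit_index: int) -> None:
    """Test helper only: simulate a single rowhammer-style bit flip in place."""
    buf[bit_index // 8] ^= 1 << (bit_index % 8)

def demo() -> Tuple[int, List[int], int]:
    """Constructed sample: 256 weights with one injected flip. Returns
    (number of blocks, corrupted block indices, index of the altered weight)."""
    rng = random.Random(1)
    weights = [rng.uniform(-1.0, 1.0) for _ in range(256)]
    buf = serialize_weights(weights)
    tags = build_tags(buf)
    assert verify_tags(buf, tags) == []  # a clean buffer passes verification
    flip_bit(buf, bit_index=1000)        # byte 125 -> weight 31 -> block 1
    bad_blocks = verify_tags(buf, tags)  # -> [1]
    return len(tags), bad_blocks, 1000 // 32

if __name__ == "__main__":
    print(demo())
```

In a deployment the verifier would run on the weight tensors actually loaded for inference and refuse to serve (or reload the affected block from a trusted copy) when any index is returned.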