TY - GEN
T1 - Hammering the Diagnosis
T2 - 43rd International Conference on Computer Design, ICCD 2025
AU - Latibari, Banafsheh Saber
AU - Nazari, Najmeh
AU - Sayadi, Hossein
AU - Homayoun, Houman
AU - Mahalanobis, Abhijit
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Vision Transformers (ViTs) have emerged as powerful architectures in medical image analysis, excelling in tasks such as disease detection, segmentation, and classification. However, their reliance on large, attention-driven models makes them vulnerable to hardware-level attacks. In this paper, we propose a novel threat model referred to as Med-Hammer that combines the Rowhammer hardware fault injection with neural Trojan attacks to compromise the integrity of ViT-based medical imaging systems. Specifically, we demonstrate how malicious bit flips induced via Rowhammer can trigger implanted neural Trojans, leading to targeted misclassification or suppression of critical diagnoses (e.g., tumors or lesions) in medical scans. Through extensive experiments on benchmark medical imaging datasets such as ISIC, Braib Tumor, and MedMNIST, we show that such attacks can remain stealthy while achieving high attack success rates about 82.51% and 92.56% in MobileViT and SwinTransformer, respectively. We further investigate how architectural properties, such as model sparsity, attention weight distribution, and number of features of the layer, impact attack effectiveness. Our findings highlight a critical and underexplored intersection between hardware-level faults and deep learning security in healthcare applications, underscoring the urgent need for robust defenses spanning both model architectures and underlying hardware platforms.
AB - Vision Transformers (ViTs) have emerged as powerful architectures in medical image analysis, excelling in tasks such as disease detection, segmentation, and classification. However, their reliance on large, attention-driven models makes them vulnerable to hardware-level attacks. In this paper, we propose a novel threat model referred to as Med-Hammer that combines the Rowhammer hardware fault injection with neural Trojan attacks to compromise the integrity of ViT-based medical imaging systems. Specifically, we demonstrate how malicious bit flips induced via Rowhammer can trigger implanted neural Trojans, leading to targeted misclassification or suppression of critical diagnoses (e.g., tumors or lesions) in medical scans. Through extensive experiments on benchmark medical imaging datasets such as ISIC, Braib Tumor, and MedMNIST, we show that such attacks can remain stealthy while achieving high attack success rates about 82.51% and 92.56% in MobileViT and SwinTransformer, respectively. We further investigate how architectural properties, such as model sparsity, attention weight distribution, and number of features of the layer, impact attack effectiveness. Our findings highlight a critical and underexplored intersection between hardware-level faults and deep learning security in healthcare applications, underscoring the urgent need for robust defenses spanning both model architectures and underlying hardware platforms.
KW - Medical Imaging
KW - Rowhammer
KW - Security
KW - Trojan
KW - Vision Transformer
UR - https://www.scopus.com/pages/publications/105032501221
UR - https://www.scopus.com/pages/publications/105032501221#tab=citedBy
U2 - 10.1109/ICCD65941.2025.00070
DO - 10.1109/ICCD65941.2025.00070
M3 - Conference contribution
AN - SCOPUS:105032501221
T3 - Proceedings - IEEE International Conference on Computer Design: VLSI in Computers and Processors
SP - 450
EP - 457
BT - Proceedings - 2025 IEEE 43rd International Conference on Computer Design, ICCD 2025
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 10 November 2025 through 12 November 2025
ER -