Toward a Generalized Defense Across Sparse, Continuous, and Structured Parameter Attacks
Title: Towards a Universal Defense Strategy Against Sparse, Continuous, and Structured Parameter Attacks
Abstract:
As deep neural networks are increasingly integrated into heterogeneous and partially untrusted environments, their distribution mechanisms—ranging from cloud storage and CI/CD pipelines to containerized services and edge execution platforms—create a complex landscape for model integrity. This widespread deployment exposes model parameters to a variety of security risks. In contrast to adversarial attacks that target input data, parameter attacks manipulate the internal weights of the model, with effects that persist across all future inferences. Current defensive measures are often inadequate, as they typically demand retraining, cause substantial drops in accuracy, or apply only to narrow categories of attacks. However, in practical scenarios, the specific nature of parameter attacks is frequently unpredictable.
To mitigate these vulnerabilities, we introduce ParDef, a generalized defense mechanism designed to protect deep neural networks against a wide spectrum of parameter attacks. ParDef combines three core components: keyed channel reparameterization, which masks sensitive parameter directions; QC-LDPC quantization, which introduces redundancy to facilitate error correction; and adaptive robust inference, which ensures stable predictions amidst uncertainty. We evaluated ParDef on CIFAR-10, CIFAR-100, and Tiny-ImageNet datasets using ResNet and VGG architectures. The results show that ParDef effectively lowers attack success rates across various parameter attack types while preserving high model performance and imposing only moderate overhead during deployment. These findings underscore ParDef’s viability as a practical and generalized solution for securing DNN deployments.
Source: arXiv
Generated at: 2026-06-04 00:00:00 UTC
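The abstract's second component, redundancy added to quantized weights so that stored parameters can be checked and corrected, is easiest to understand with a small worked example. The block below is an added illustration written for this page, not code from the ParDef paper or its authors: it uses a Hamming(7,4) code as a simplified stand-in for the QC-LDPC quantization the paper describes, so that every int8 weight byte is stored as two 7-bit codewords and any single bit flip per codeword is detected (non-zero syndrome) and corrected at load time. The weight values, scale, function names and the corruption simulated by `corrupt` are all constructed for the demonstration.

```python
"""Error-correcting storage of quantized weights, as an illustration of the
redundancy idea in the abstract. Hamming(7,4) is a stand-in for the paper's
QC-LDPC code (assumption: the paper's actual code and layout differ)."""
import numpy as np

# Constructed sample weights and quantization scale (not from the paper).
SAMPLE_WEIGHTS = [0.012, -0.034, 0.100, -0.127, 0.0, 0.055, -0.088, 0.021]
SAMPLE_SCALE = 0.001


def quantize_int8(weights, scale):
    """Symmetric int8 quantization; returns each value as a two's-complement byte."""
    q = np.clip(np.round(np.asarray(weights, dtype=np.float64) / scale), -128, 127)
    return (q.astype(np.int16) & 0xFF).astype(np.uint8)


def dequantize_int8(qbytes, scale):
    """Inverse of quantize_int8: reinterpret bytes as signed int8 and rescale."""
    signed = qbytes.astype(np.int16)
    signed[signed > 127] -= 256
    return signed.astype(np.float64) * scale


def hamming74_encode(nibble):
    """Encode 4 data bits into a 7-bit codeword laid out as p1 p2 d1 p3 d2 d3 d4."""
    d1, d2, d3, d4 = [(nibble >> i) & 1 for i in range(4)]
    p1 = d1 ^ d2 ^ d4
    p2 = d1 ^ d3 ^ d4
    p3 = d2 ^ d3 ^ d4
    bits = [p1, p2, d1, p3, d2, d3, d4]  # bit index i holds codeword position i+1
    return sum(b << i for i, b in enumerate(bits))


def hamming74_decode(code):
    """Return (nibble, syndrome). A non-zero syndrome names the flipped position,
    which is corrected before the data bits are extracted (single-flip guarantee)."""
    bits = [(code >> i) & 1 for i in range(7)]
    s1 = bits[0] ^ bits[2] ^ bits[4] ^ bits[6]  # positions 1,3,5,7
    s2 = bits[1] ^ bits[2] ^ bits[5] ^ bits[6]  # positions 2,3,6,7
    s3 = bits[3] ^ bits[4] ^ bits[5] ^ bits[6]  # positions 4,5,6,7
    syndrome = s1 | (s2 << 1) | (s3 << 2)
    if syndrome:
        bits[syndrome - 1] ^= 1
    d1, d2, d3, d4 = bits[2], bits[4], bits[5], bits[6]
    return d1 | (d2 << 1) | (d3 << 2) | (d4 << 3), syndrome


def encode_weights(qbytes):
    """Store each weight byte as two codewords (low nibble first): 8 bits -> 14 bits."""
    out = []
    for b in qbytes:
        out.append(hamming74_encode(int(b) & 0xF))
        out.append(hamming74_encode((int(b) >> 4) & 0xF))
    return np.array(out, dtype=np.uint8)


def decode_weights(codewords):
    """Rebuild weight bytes from codewords; also count how many codewords needed repair."""
    qbytes, corrected = [], 0
    for i in range(0, len(codewords), 2):
        lo, s_lo = hamming74_decode(int(codewords[i]))
        hi, s_hi = hamming74_decode(int(codewords[i + 1]))
        corrected += int(s_lo != 0) + int(s_hi != 0)
        qbytes.append(lo | (hi << 4))
    return np.array(qbytes, dtype=np.uint8), corrected


def corrupt(codewords, flips):
    """Simulate storage corruption for the demo: flips is a list of (codeword, bit)."""
    damaged = codewords.copy()
    for idx, bit in flips:
        damaged[idx] ^= np.uint8(1 << bit)
    return damaged


def recover_after_flips(weights, scale, flips):
    """Quantize, encode, apply the simulated flips, decode, and report
    (number of corrected codewords, max abs error vs. the clean quantized weights)."""
    q = quantize_int8(weights, scale)
    damaged = corrupt(encode_weights(q), flips)
    recovered_q, corrected = decode_weights(damaged)
    err = np.abs(dequantize_int8(recovered_q, scale) - dequantize_int8(q, scale))
    return corrected, float(err.max())


if __name__ == "__main__":
    flips = [(0, 3), (5, 6), (10, 0)]  # one flipped bit in three different codewords
    print(recover_after_flips(SAMPLE_WEIGHTS, SAMPLE_SCALE, flips))
```

The check a practitioner would want at model-load time is exactly the `corrected` count returned by `decode_weights`: zero means the stored parameters passed their parity checks unchanged, while a non-zero count is a tamper or fault signal worth logging even though the values were repaired. Hamming(7,4) corrects only one flip per codeword and miscorrects two, which is one reason the paper reaches for a stronger code than this stand-in.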