Remote Rowhammer Attack using Adversarial Observations on Federated Learning Clients
Pith reviewed 2026-05-22 15:19 UTC · model grok-4.3
The pith
A reinforcement learning attacker can remotely trigger Rowhammer bit flips on a federated learning server by manipulating client sensor observations.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
By training a reinforcement learning attacker to manipulate client sensor observations in a federated learning automatic speech recognition system, it is possible to maximize the repeated update rate to around 70 percent on the server, leading to remote Rowhammer-induced bit flips in server DRAM without requiring any backdoor access to the server.
What carries the argument
Reinforcement learning agent that maximizes the repeated update rate through adversarial manipulation of client sensor observations.
Load-bearing premise
Manipulating a client's sensor observation is sufficient to control and maximize the frequency of repetitive memory updates on the server in a way that reliably triggers Rowhammer bit flips.
What would settle it
Deploy the trained RL agent in a live federated learning ASR deployment, monitor server DRAM for bit flips once the repeated update rate exceeds 50 percent, and check whether the observed flips match the locations predicted by the attack model.
Original abstract
Federated Learning (FL) has the potential for simultaneous global learning amongst a large number of parallel agents, enabling emerging AI such as LLMs to be trained across demographically diverse data. Central to this being efficient is the ability for FL to perform sparse gradient updates and remote direct memory access at the central server. Most of the research in FL security focuses on protecting data privacy at the edge client or in the communication channels between the client and server. Client-facing attacks on the server are less well investigated, as the assumption is that a large collective of clients offers resilience. Here, we show that by attacking certain clients that lead to a high-frequency repetitive memory update in the server, we can remotely initiate a rowhammer attack on the server memory. For the first time, we do not need backdoor access to the server, and a reinforcement learning (RL) attacker can learn how to maximize server repetitive memory updates by manipulating the client's sensor observation. The consequence of the remote rowhammer attack is that we are able to achieve bit flips, which can corrupt the server memory. We demonstrate the feasibility of our attack using a large-scale FL automatic speech recognition (ASR) system with sparse updates; our adversarial attacking agent can achieve around 70% repeated update rate (RUR) in the targeted server model, effectively inducing bit flips on server DRAM. The security implications are that it can cause disruptions to learning or may inadvertently cause elevated privilege. This paves the way for further research on practical mitigation strategies in FL and hardware design.
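The mechanism the abstract describes is a repetitive update pattern at the server: sparse client updates that keep landing on the same parameters, measured as a repeated update rate (RUR). As an added example from the server operator's side (this is not code from the paper, and the RUR definition below is an assumption, since the abstract does not define the metric), the following Python script shows what a monitor for that pattern could look like. It assumes parameters sit in one contiguous float32 buffer, maps each parameter index to a hypothetical 8 KiB DRAM row, defines RUR operationally as the fraction of a round's updated indices that were also updated in the previous round, and flags rows that are touched in too many rounds of a sliding window. The row size, window length, thresholds, model size and the benign and adversarial round generators are all constructed for the illustration.

```python
"""Server-side monitor for repetitive sparse-update patterns.

Added example; not code from the paper. Assumptions (all hypothetical):
- model parameters live in one contiguous float32 buffer, so parameter
  index i sits at byte offset 4*i and in DRAM row (4*i) // ROW_BYTES;
- RUR of a round is the fraction of its updated indices that were also
  updated in the previous round (the abstract leaves RUR undefined);
- a row touched in at least `row_limit` of the last `window_rounds`
  rounds is "hot"; the limit is scaled far below the ~1e5 activations per
  refresh window quoted for real DRAM so the constructed sample trips it.
"""
from collections import Counter, deque

ROW_BYTES = 8192      # assumed DRAM row size
PARAM_BYTES = 4       # float32 parameters
N_PARAMS = 1_000_000  # size of the constructed model


def row_of(param_index):
    """Map a parameter index to a DRAM row under the contiguous-buffer assumption."""
    return (param_index * PARAM_BYTES) // ROW_BYTES


def repeated_update_rate(prev_indices, cur_indices):
    """Fraction of this round's updated indices that were also updated last round."""
    cur = set(cur_indices)
    if not cur:
        return 0.0
    return len(cur & set(prev_indices)) / len(cur)


class SparseUpdateMonitor:
    """Counts, per DRAM row, how many of the last `window_rounds` aggregation
    rounds touched that row, and alerts when a row is hot while RUR is high."""

    def __init__(self, window_rounds=64, row_limit=48, rur_alert=0.5):
        self.window_rounds = window_rounds
        self.row_limit = row_limit
        self.rur_alert = rur_alert
        self.window = deque()    # one Counter of touched rows per round
        self.totals = Counter()  # row -> number of rounds in the window touching it
        self.prev = set()

    def observe(self, indices):
        """Record one aggregation round's sparse update indices; return a verdict."""
        cur = set(indices)
        rur = repeated_update_rate(self.prev, cur)
        touched = Counter({row_of(i) for i in cur})  # each row counts once per round
        self.window.append(touched)
        self.totals.update(touched)
        if len(self.window) > self.window_rounds:
            self.totals.subtract(self.window.popleft())  # slide the window forward
        hot_rows = sorted(r for r, n in self.totals.items() if n >= self.row_limit)
        self.prev = cur
        return {"rur": rur, "hot_rows": hot_rows,
                "alert": bool(hot_rows) and rur >= self.rur_alert}


def benign_round(r, k=64):
    """Constructed benign pattern: each round updates a fresh block of parameters."""
    base = (r * 1000) % N_PARAMS
    return list(range(base, base + k))


def adversarial_round(k=64):
    """Constructed repetitive pattern: the same first k parameters every round."""
    return list(range(k))


def run(rounds, **monitor_kwargs):
    """Feed a sequence of rounds through one monitor; return the per-round verdicts."""
    monitor = SparseUpdateMonitor(**monitor_kwargs)
    return [monitor.observe(r) for r in rounds]


if __name__ == "__main__":
    rounds = [benign_round(r) for r in range(50)] + [adversarial_round() for _ in range(50)]
    for t, verdict in enumerate(run(rounds)):
        if verdict["alert"]:
            print(f"round {t}: RUR={verdict['rur']:.2f} hot rows={verdict['hot_rows']}")
```

With the constructed input, the first 50 rounds drift across the parameter buffer and never raise an alert, while the repetitive rounds push RUR to 1.0 and row 0 over the limit at round 97. The monitor counts rounds in which a row is touched at all, which over-approximates actual activations (a row-buffer hit does not re-activate the row) and is meant as an early signal for the aggregation service, not as a DRAM model; on real hardware the activation budget the referee cites is around 10^5 per refresh window.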
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript proposes a remote Rowhammer attack on Federated Learning servers. A reinforcement learning agent manipulates client sensor observations to maximize repetitive memory updates at the server, claiming this induces bit flips in server DRAM. The demonstration uses a large-scale FL automatic speech recognition system with sparse updates, reporting an approximately 70% repeated update rate (RUR) that the authors state effectively corrupts server memory.
Significance. If the experimental link from RUR to actual Rowhammer bit flips holds, the result would identify a previously under-explored client-to-server attack vector in FL systems that rely on remote direct memory access and sparse updates. It would motivate further work on hardware-software security for distributed training. The current manuscript supplies no hardware traces, address instrumentation, or verification protocol, so the significance cannot yet be assessed.
major comments (2)
- Abstract: the statement that the 70% RUR is 'effectively inducing bit flips on server DRAM' is load-bearing for the central claim, yet the abstract supplies no description of how logical parameter updates map onto the physical DRAM row activations (repeated aggressor-row accesses exceeding 10^5 within a refresh window) required by Rowhammer. No row-buffer conflict traces or hardware-level verification are mentioned.
- Demonstration of the large-scale FL ASR system: the abstract asserts successful bit flips but provides no experimental setup details, baseline comparisons, error analysis, or method for confirming that server aggregation produced the precise access sequence needed for Rowhammer. This prevents evaluation of the data-to-claim link.
minor comments (2)
- The acronym RUR is used in the abstract without an explicit definition on first use.
- The security-implications paragraph could be expanded with a brief discussion of whether the attack requires knowledge of the server model architecture or only black-box observation of update frequency.
Simulated Author's Rebuttal
We thank the referee for their constructive feedback on our manuscript. The comments highlight important aspects regarding the connection between our proposed attack and actual Rowhammer effects, as well as the need for more detailed experimental reporting. We will make revisions to address these points by clarifying claims and expanding experimental descriptions.
Point-by-point responses
- Referee: Abstract: the statement that the 70% RUR is 'effectively inducing bit flips on server DRAM' is load-bearing for the central claim, yet the abstract supplies no description of how logical parameter updates map onto the physical DRAM row activations (repeated aggressor-row accesses exceeding 10^5 within a refresh window) required by Rowhammer. No row-buffer conflict traces or hardware-level verification are mentioned.
  Authors: We acknowledge that the current abstract phrasing suggests a direct demonstration of bit flips, which our experiments do not provide at the hardware level. Our contribution centers on using RL to maximize the repeated update rate (RUR) to create conditions known to trigger Rowhammer in DRAM with RDMA. We will revise the abstract to state that the attack achieves a high RUR that can lead to Rowhammer bit flips based on established DRAM vulnerability thresholds. We will also add a paragraph in the introduction or methods section detailing the logical-to-physical mapping, assuming standard row activation patterns from sparse updates in FL servers. Since our evaluation is performed in simulation, we cannot include physical row-buffer traces or hardware verification at this time. revision: partial
- Referee: Demonstration of the large-scale FL ASR system: the abstract asserts successful bit flips but provides no experimental setup details, baseline comparisons, error analysis, or method for confirming that server aggregation produced the precise access sequence needed for Rowhammer. This prevents evaluation of the data-to-claim link.
  Authors: We agree that additional details are necessary for reproducibility and evaluation. In the revised manuscript, we will include a dedicated experimental setup subsection describing the ASR model, the federated learning framework, client data, and server-side aggregation with RDMA. We will provide baseline comparisons, such as non-adversarial client behaviors and simple heuristic attacks, along with statistical error analysis (e.g., standard deviation of RUR over 10 runs). We will also explain our method for modeling the memory access sequences resulting from the aggregated updates, based on tracking update frequencies and assuming contiguous memory allocation for model parameters. revision: yes
- Direct hardware-level verification of Rowhammer bit flips, including row-buffer conflict traces and address instrumentation, as the current work relies on simulated achievement of high RUR without physical DRAM access.
Circularity Check
No circularity: experimental demonstration of RL attack with independent empirical results
full rationale
The paper presents an empirical attack demonstration rather than a mathematical derivation chain. The core claim rests on training an RL agent to manipulate client sensor observations in a federated ASR system, measuring a resulting 70% repeated update rate (RUR) on the server, and asserting this induces Rowhammer bit flips. No equations, fitted parameters renamed as predictions, self-definitional constructs, or load-bearing self-citations appear in the provided text. The RUR metric and bit-flip outcome are reported as direct experimental measurements, not derived by construction from prior inputs or ansatzes. The skeptic concern about mapping logical updates to physical DRAM patterns is a question of experimental validity and assumption strength, not circularity in any derivation.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption: Federated learning performs sparse gradient updates and remote direct memory access at the central server.
invented entities (1)
- Reinforcement learning attacker (no independent evidence)