The training and development of good deep learning models is often a challenging task, thus leading individuals (developers, researchers, and practitioners alike) to use third-party models residing in public repositories, fine-tuning these models to their needs usually with little-to-no effort. Despite its undeniable benefits, this practice can lead to new attack vectors. In this paper, we demonstrate the feasibility and effectiveness of one such attack, namely malware embedding in deep learning models. We push the boundaries of current state-of-the-art by introducing MaleficNet, a technique that combines spread-spectrum channel coding with error correction techniques, injecting malicious payloads in the parameters of deep neural networks, all while causing no degradation to the model’s performance and successfully bypassing state-of-the-art detection and removal mechanisms. We believe this work will raise awareness against these new, dangerous, camouflaged threats, assist the research community and practitioners in evaluating the capabilities of modern machine learning architectures, and pave the way to research targeting the detection and mitigation of such threats.

MaleficNet: Hiding Malware into Deep Neural Networks Using Spread-Spectrum Channel Coding / Hitaj, Dorjan; Pagnotta, Giulio; Hitaj, Briland; Mancini, Luigi V.; Perez-Cruz, Fernando. - 13556:(2022), pp. 425-444. (Intervento presentato al convegno European Symposium on Research in Computer Security tenutosi a Copenhagen, Danimarca) [10.1007/978-3-031-17143-7_21].

MaleficNet: Hiding Malware into Deep Neural Networks Using Spread-Spectrum Channel Coding

Hitaj, Dorjan
Primo
;
Pagnotta, Giulio;Hitaj, Briland;Mancini, Luigi V.;
2022

Abstract

The training and development of good deep learning models is often a challenging task, thus leading individuals (developers, researchers, and practitioners alike) to use third-party models residing in public repositories, fine-tuning these models to their needs usually with little-to-no effort. Despite its undeniable benefits, this practice can lead to new attack vectors. In this paper, we demonstrate the feasibility and effectiveness of one such attack, namely malware embedding in deep learning models. We push the boundaries of current state-of-the-art by introducing MaleficNet, a technique that combines spread-spectrum channel coding with error correction techniques, injecting malicious payloads in the parameters of deep neural networks, all while causing no degradation to the model’s performance and successfully bypassing state-of-the-art detection and removal mechanisms. We believe this work will raise awareness against these new, dangerous, camouflaged threats, assist the research community and practitioners in evaluating the capabilities of modern machine learning architectures, and pave the way to research targeting the detection and mitigation of such threats.
2022
European Symposium on Research in Computer Security
deep learning; malware; steganography; cdma
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
MaleficNet: Hiding Malware into Deep Neural Networks Using Spread-Spectrum Channel Coding / Hitaj, Dorjan; Pagnotta, Giulio; Hitaj, Briland; Mancini, Luigi V.; Perez-Cruz, Fernando. - 13556:(2022), pp. 425-444. (Intervento presentato al convegno European Symposium on Research in Computer Security tenutosi a Copenhagen, Danimarca) [10.1007/978-3-031-17143-7_21].
File allegati a questo prodotto
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1658421
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 5
  • ???jsp.display-item.citation.isi??? 4
social impact