EvilModel: Hiding Malware Inside of Neural Network Models:
Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural network models. Neural network models are poorly explainable and have a good generalization ability. By embedding malware into the neurons, malware can be delivered covertly with minor or even no impact on the performance of neural networks. Meanwhile, since the structure of the neural network models remains unchanged, they can pass the security scan of antivirus engines. Experiments show that 36.9MB of malware can be embedded into a 178MB-AlexNet model within 1% accuracy loss, and no suspicious are raised by antivirus engines in VirusTotal, which verifies the feasibility of this method. With the widespread application of artificial intelligence, utilizing neural networks becomes a forwarding trend of malware. We hope this work could provide a referenceable scenario for the defense on neural network-assisted attacks.
Journal Reference:
Wang, Zhi, Liu, Chaoge, Cui, Xiang. EvilModel: Hiding Malware Inside of Neural Network Models, (DOI: https://arxiv.org/abs/2107.08590v1)
(Score: 0) by Anonymous Coward on Friday July 23 2021, @05:38PM (1 child)
But this doesn't sound very good.
(Score: 1, Offtopic) by Tork on Friday July 23 2021, @06:33PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by MIRV888 on Friday July 23 2021, @05:48PM
Because this is how you get Borg.
(Score: 1, Insightful) by Anonymous Coward on Friday July 23 2021, @05:53PM (2 children)
65 million free parameters in a black box that promises to Solve Your Problems(tm). Duh duh duh.
(Score: 0) by Anonymous Coward on Friday July 23 2021, @05:56PM (1 child)
Don't forget to check out BrittanySperes.exe.
(Score: 1, Informative) by Anonymous Coward on Friday July 23 2021, @08:12PM
why? =)
(Score: 1, Informative) by Anonymous Coward on Friday July 23 2021, @06:52PM (4 children)
Okay so there's some sort of code embedded maybe with hashing or stenography in the model (weights or kernels). So what?
The model itself only uses those weights for multiplication and addition. Not a great attack surface. Without something else to either extract and use them, it's unclear that this is anything more than 'hey you can use stenography with a neutral net'.
(Score: 1, Insightful) by Anonymous Coward on Friday July 23 2021, @07:07PM (2 children)
Ah, but what if the malware subtly alters the NN performance. Say the NN diagnosis of your nasal swab says that you with a rhinovirus (common cold) when you actually have Covid?
(Score: 0) by Anonymous Coward on Friday July 23 2021, @07:10PM (1 child)
doh,
says that you with a rhinovirus
says that you have a rhinovirus
(Score: 3, Funny) by Anonymous Coward on Friday July 23 2021, @08:31PM
Looks like someone successfully exploited parent's NN
(Score: 0) by Anonymous Coward on Saturday July 24 2021, @05:17PM
Multiplication and addition are dangerous operations. After all, if the malware multiplies, it spreads, and if it adds new features to itself, it evolves. Before you notice, you've evolved an evil AI that takes over the world and enslaves all humans. :-)
(Score: -1, Spam) by Anonymous Coward on Friday July 23 2021, @07:31PM
Wonder what sort of IP exfiltration this EvilModel is targetting?