CR | AI | Jul 19, 2021

EvilModel: Hiding Malware Inside of Neural Network Models

arXiv:2107.08590v4 | 50 citations
Originality: Incremental advance
AI Analysis

This work addresses a security threat for AI systems by demonstrating a novel attack vector, though it is incremental in combining existing malware techniques with neural networks.

The authors address covert malware delivery by embedding malware inside neural network models: 36.9MB of malware is embedded in a 178MB AlexNet model within 1% accuracy loss, and the resulting model raises no suspicion from the antivirus engines on VirusTotal.

Delivering malware covertly and evasively is critical to advanced malware campaigns. In this paper, we present a new method to covertly and evasively deliver malware through a neural network model. Neural network models are poorly explainable and have a good generalization ability. By embedding malware in neurons, the malware can be delivered covertly, with minor or no impact on the performance of the neural network. Meanwhile, because the structure of the neural network model remains unchanged, it can pass the security scan of antivirus engines. Experiments show that 36.9MB of malware can be embedded in a 178MB-AlexNet model within 1% accuracy loss, and no suspicion is raised by anti-virus engines in VirusTotal, which verifies the feasibility of this method. With the widespread application of artificial intelligence, utilizing neural networks for attacks becomes a forwarding trend. We hope this work can provide a reference scenario for the defense on neural network-assisted attacks.

Code Implementations: 1 repo