在深度學習模型中隱藏和執行惡意程式的方法論

Abstract

深度神經網絡 (DNN) 因其強大的功能而被廣泛用於構建人工智慧 (AI) 應用程序。 然而，安全問題也同時浮現。 將惡意程式隱藏在深度神經網絡模型中是一個攻擊層面。 同時，模型格式存在不安全的反序列化漏洞。 結合這兩個弱點可以實現攻擊流程。 這種攻擊的挑戰是嵌入率、準確性下降和提取工作的複雜度。 因此，本論文提供了在分類神經網絡模型中嵌入惡意程式的注入規則，並提出了一種使用注入規則的惡意程式注入方法。 提供了一種更全面的方法來實現高嵌入率、低精度下降和低複雜度的提取工作。

Deep Neural Networks (DNNs) are widely used to build artificial intelligence (AI) applications due to their powerful features. However, security concerns are emerging. Hiding malware inside the model is an attack surface. At the same time, the model format has an insecure deserialization vulnerability. Combining these two weaknesses can fulfill an attack flow. The challenges in this attack are the embedding rate, accuracy degradation, and extraction effort. Thus, this thesis provided injecting rules for embedding malware in classification neural network models and proposed a malware injection method using injecting rules. A more comprehensive methodology is offered to achieve a high embedding rate, low accuracy degradation, and less extraction effort.