Attacks on Machine Learning Models Based on the PyTorch Framework

Abstract

The consequences of using cloud services for training neural networks are examined from a cybersecurity standpoint. Because training is resource-intensive, dependence on cloud services keeps growing, and that dependence in turn creates new cybersecurity risks. The study is devoted to a new attack method that uses the weights of a neural network to covertly distribute hidden malware. Seven embedding methods and four types of triggers for activating the malware are considered. An open-source framework is presented that automates the injection of code into the weight parameters of neural networks, allowing researchers to study and counter this new attack vector.
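As an added illustration of the attack vector described above (this is not the paper's NNMalwareEmbedder code and not one of the seven methods it catalogs as published): the simplest member of this family of embedding methods, substituting a payload into the low-order mantissa bits of IEEE 754 float32 weights. It is written in pure Python so that it runs without PyTorch; the flattened weight tensor is stood in for by a list of floats, the bit budget per weight (N_BITS = 8) and the 32-bit length header are assumptions, and the sample weights and the payload are constructed.

```python
"""LSB substitution into float32 weights: embed, extract, and the two checks a
reviewer of a model file would run (weight perturbation and byte-level fingerprint).
Added example; not the paper's framework. Constants and sample data are assumptions."""
import hashlib
import random
import struct
from typing import List

N_BITS = 8                    # low-order mantissa bits overwritten per weight (assumption)
LSB_MASK = (1 << N_BITS) - 1  # 0xFF for N_BITS == 8
LEN_BITS = 32                 # payload length header written before the payload (assumption)


def float_to_bits(x: float) -> int:
    """IEEE 754 binary32 encoding of x as an unsigned 32-bit integer."""
    return struct.unpack("<I", struct.pack("<f", x))[0]


def bits_to_float(u: int) -> float:
    """Inverse of float_to_bits()."""
    return struct.unpack("<f", struct.pack("<I", u & 0xFFFFFFFF))[0]


def capacity_bytes(weights: List[float]) -> int:
    """Payload bytes that fit in the LSB channel after the length header."""
    return max(0, (len(weights) * N_BITS - LEN_BITS) // 8)


def embed(weights: List[float], payload: bytes) -> List[float]:
    """Return a copy of `weights` whose low N_BITS mantissa bits carry
    the payload length (LEN_BITS bits) followed by the payload bytes."""
    if len(payload) > capacity_bytes(weights):
        raise ValueError(f"payload of {len(payload)} B exceeds capacity {capacity_bytes(weights)} B")
    stream = f"{len(payload):0{LEN_BITS}b}" + "".join(f"{b:08b}" for b in payload)
    stream += "0" * (-len(stream) % N_BITS)  # pad to whole N_BITS chunks
    out = list(weights)
    for i in range(0, len(stream), N_BITS):
        chunk = int(stream[i:i + N_BITS], 2)
        idx = i // N_BITS
        # Clear the low bits of the mantissa and write the chunk; sign and
        # exponent are untouched, so the value moves by less than 2**(N_BITS-23) relative.
        out[idx] = bits_to_float((float_to_bits(weights[idx]) & ~LSB_MASK) | chunk)
    return out


def extract(weights: List[float]) -> bytes:
    """Inverse of embed(): read the LSB stream, parse the header, return the payload."""
    stream = "".join(f"{float_to_bits(w) & LSB_MASK:0{N_BITS}b}" for w in weights)
    n = int(stream[:LEN_BITS], 2)
    body = stream[LEN_BITS:LEN_BITS + 8 * n]
    if len(body) < 8 * n:
        raise ValueError("length header claims more bytes than the tensor holds")
    return bytes(int(body[i:i + 8], 2) for i in range(0, 8 * n, 8))


def max_relative_change(before: List[float], after: List[float]) -> float:
    """Largest |after - before| / |before| over non-zero weights: what an accuracy
    or weight-statistics check would have to notice."""
    return max(abs(a - b) / abs(b) for a, b in zip(after, before) if b != 0.0)


def fingerprint(weights: List[float]) -> str:
    """SHA-256 over the raw float32 bytes: the check a signed model manifest applies."""
    return hashlib.sha256(struct.pack(f"<{len(weights)}f", *weights)).hexdigest()


# Constructed sample data: 4096 float32-rounded "weights" standing in for one
# flattened layer, and a constructed byte string standing in for a packed payload.
_rng = random.Random(1)
SAMPLE_WEIGHTS = [bits_to_float(float_to_bits(_rng.gauss(0.0, 0.05))) for _ in range(4096)]
SAMPLE_PAYLOAD = b"\x7fELF\x02\x01\x01" + bytes(range(256)) + b"constructed-stage2"


def demo() -> dict:
    """Embed, extract, and report both checks on the constructed sample."""
    stego = embed(SAMPLE_WEIGHTS, SAMPLE_PAYLOAD)
    return {
        "recovered_ok": extract(stego) == SAMPLE_PAYLOAD,
        "max_rel_change": max_relative_change(SAMPLE_WEIGHTS, stego),
        "fingerprint_changed": fingerprint(SAMPLE_WEIGHTS) != fingerprint(stego),
    }


if __name__ == "__main__":
    print(demo())
```

Two points the numbers make. With 8 of the 23 mantissa bits overwritten, every weight moves by less than 2^-15 of its magnitude, which is far below what a validation-accuracy check can see, and since the low mantissa bits of trained weights are already close to uniformly random, bit-level entropy statistics do not flag the change either; a byte-level hash or signature of the weights file does, which is why provenance checks on model artifacts, not accuracy tests, are the practical control. On a real PyTorch model the same loop would run over each `state_dict()` tensor reinterpreted as 32-bit integers (for example via `tensor.view(torch.int32)`), and the trigger the paper classifies would be a separate stage that reads the LSB stream back and executes it.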

Copyright (c) 2024 The Russian Academy of Sciences
