MaleficNet: Hiding Malware into Deep Neural Networks Using Spread-Spectrum Channel Coding

Hitaj, Dorjan; Pagnotta, Giulio; Hitaj, Briland; Mancini, Luigi V.; Pérez-Cruz, Fernando

doi:10.1007/978-3-031-17143-7_21

Cited by 4 publications

(4 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Instead of embedding the data in the model's function, other studies tried embedding the data in the model's parameters using stenography [23,24,56]. However, as shown in Section VI, we found that these methods are easily mitigated during export if a small amount of random Gaussian noise is added to the parameters.…”

Section: B Data Extractionmentioning

confidence: 93%

Transpose Attack: Stealing Datasets with Bidirectional Training

Amit,

Levy,

Mirsky

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Deep neural networks are normally executed in the forward direction. However, in this work, we identify a vulnerability that enables models to be trained in both directions and on different tasks. Adversaries can exploit this capability to hide rogue models within seemingly legitimate models. In addition, in this work we show that neural networks can be taught to systematically memorize and retrieve specific samples from datasets. Together, these findings expose a novel method in which adversaries can exfiltrate datasets from protected learning environments under the guise of legitimate models.We focus on the data exfiltration attack and show that modern architectures can be used to secretly exfiltrate tens of thousands of samples with high fidelity, high enough to compromise data privacy and even train new models. Moreover, to mitigate this threat we propose a novel approach for detecting infected models.

show abstract

Section: B Data Extractionmentioning

confidence: 93%

Transpose Attack: Stealing Datasets with Bidirectional Training

Amit,

Levy,

Mirsky

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…To build a ground truth dataset of Indicator objects, we retrieve scanning reports from three services: VirusTotal, HybridAnalysis, and MetaDefender, which are widely used to validate threat indicators [28], [38], [37], [21], [55]. For each attribute type (i.e., malware hashes, domains, URLs, and IP addresses), VirusTotal and MetaDefender provide detection results from various anomaly detection engines, and HybridAnalysis provides a threat score with three status tags (i.e., malicious, suspicious, and no specific threat).…”

Section: A Improper Valuementioning

confidence: 99%

“…To obtain more reliable and accurate actual security threat data, we use at least three representative services related to each measurement (e.g., VirusTotal, Hybri-dAnalysis, and MetaDefender for the timeliness analysis) as sources of security threat data instead of relying on a single service. Note that these sources are widely used as ground truth in prior works [28], [38], [37], [21], [55], [67], [59], [32].…”

Section: Limitationsmentioning

confidence: 99%

Sharing cyber threat intelligence: Does it really help?

Jin,

Kim,

Lee

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

The sharing of Cyber Threat Intelligence (CTI) across organizations is gaining traction, as it can automate threat analysis and improve security awareness. However, limited empirical studies exist on the prevalent types of cybersecurity threat data and their effectiveness in mitigating cyber attacks. We propose a framework named CTI-Lense to collect and analyze the volume, timeliness, coverage, and quality of Structured Threat Information eXpression (STIX) data, a de facto standard CTI format, from a list of publicly available CTI sources. We collected about 6 million STIX data objects from October 31, 2014 to April 10, 2023 from ten data sources and analyzed their characteristics. Our analysis reveals that STIX data sharing has steadily increased in recent years, but the volume of STIX data shared is still relatively low to cover all cyber threats. Additionally, only a few types of threat data objects have been shared, with malware signatures and URLs accounting for more than 90% of the collected data. While URLs are usually shared promptly, with about 72% of URLs shared earlier than or on the same day as VirusTotal, the sharing of malware signatures is significantly slower. Furthermore, we found that 19% of the Threat actor data contained incorrect information, and only 0.09% of the Indicator data provided security rules to detect cyber attacks. Based on our findings, we recommend practical considerations for effective and scalable STIX data sharing among organizations.

show abstract

“…Decision trees provided a straightforward yet powerful means of classifying ransomware activities based on distinct features, which helped in isolating anomalous patterns indicative of ransomware attacks [1], [2]. Neural networks, with their deep learning capabilities, allowed for the modeling of complex relationships within large datasets, significantly enhancing the ability to detect subtle ransomware signatures that traditional methods might overlook [3], [4]. Support vector machines leveraged hyperplane-based classification to separate benign from malicious activities with high accuracy, thus offering a robust solution for early-stage ransomware detection [5]- [7].…”

Section: A Machine Learning Approachesmentioning

confidence: 99%

Federated Learning-Based Ransomware Detection via Indicators of Compromise

Koike,

Tanaka,

Maeda

2024

Preprint

View full text Add to dashboard Cite

Ransomware attacks have become increasingly prevalent and sophisticated, posing significant threats to data security and organizational operations worldwide. Leveraging a federated learning-based approach, this research presents a novel and significant advancement in ransomware detection by utilizing network and file system indicators of compromise while ensuring data privacy. The methodology involves the decentralized training of machine learning models across multiple clients, which enhances the model's robustness and adaptability to various ransomware attack scenarios. Extensive experiments and evaluations demonstrate the high accuracy, precision, recall, and F1-scores achieved by the proposed model, showcasing its effectiveness in real-world applications. The innovative combination of preprocessing, feature engineering, and sophisticated machine learning techniques within a federated learning framework results in a scalable and privacy-preserving solution capable of addressing the dynamic and evolving landscape of ransomware threats. This study contributes valuable insights into the development of effective ransomware detection systems, emphasizing the importance of collaborative and decentralized learning techniques in enhancing cybersecurity defenses.

show abstract

MaleficNet: Hiding Malware into Deep Neural Networks Using Spread-Spectrum Channel Coding

Cited by 4 publications

References 49 publications

Transpose Attack: Stealing Datasets with Bidirectional Training

Transpose Attack: Stealing Datasets with Bidirectional Training

Sharing cyber threat intelligence: Does it really help?

Federated Learning-Based Ransomware Detection via Indicators of Compromise

Contact Info

Product

Resources

About