MaleficNet: Hiding Malware into Deep Neural Networks using Spread-Spectrum Channel Coding
May 5 at 15:00-16:00
Aula Epsilon, Via Celoria 18
Speaker: Prof. Luigi V. Mancini (Università La Sapienza Roma)
Host: Marco Anisetti
The training and development of good deep learning models is often a challenging task. Thus, developers, researchers, and practitioners use third-party models in public repositories and fine-tune these models to their needs, usually with little-to-no effort. Despite its undeniable benefits, this practice can lead to new attack vectors. This talk demonstrates the feasibility and effectiveness of one such attack, namely malware embedding in deep learning models. We push the boundaries of the current state of the art by introducing MaleficNet, a technique that combines spread-spectrum channel coding with error correction techniques, injecting malicious payloads in the parameters of deep neural networks, all while causing no degradation to the model's performance and successfully bypassing state-of-the-art detection and removal mechanisms. We believe this work will raise awareness of these new, dangerous, camouflaged threats, assist the research community and practitioners in evaluating the capabilities of modern machine learning architectures, and pave the way to research targeting the detection and mitigation of such threats.
Professor Luigi V. Mancini is the director of the Master's degree program in Cybersecurity at the Sapienza University of Rome. He has founded several Master's degree programs in Information and Network Security at the University in the past 20 years and supervised doctoral theses on cybersecurity topics for dozens of students over the past 25 years, some of whom are now full professors. From 2013 to 2016, he served as Deputy Dean of the Faculty of Information Engineering, Informatics, and Statistics at the University. Professor Mancini has been a Visiting Professor at the Center for Secure Information Systems at George Mason University in Virginia, USA, during the summer since 2015. He has published over 140 scientific papers in international conferences and journals, earning over 8000 citations on Google Scholar. In 2020, he received the Jean-Claude Laprie Award for his work on "Scalable and efficient provable data possession," which proposed efficient techniques for ensuring data integrity in cloud applications without blindly trusting the cloud provider. His research interests include machine learning security, network and information security, and user privacy. Professor Mancini received his PhD in Computer Science from the University of Newcastle in 1989.