Visible to the public SIN2: Stealth infection on neural network \#x2014; A low-cost agile neural Trojan attack methodology

TitleSIN2: Stealth infection on neural network \#x2014; A low-cost agile neural Trojan attack methodology
Publication TypeConference Paper
Year of Publication2018
AuthorsLiu, T., Wen, W., Jin, Y.
Conference Name2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
ISBN Number978-1-5386-4731-8
KeywordsAI Poisoning, artificial intelligence industry, cloud computing, Computational modeling, Deep Neural Network, DNN security, dynamic runtime system, Human Behavior, intelligent service supply chain, intelligent supply chain, Intelligent systems, invasive software, learning (artificial intelligence), low-cost agile neural Trojan attack methodology, low-cost modular methodology-stealth infection on neural network, neural computing framework, neural nets, Neural networks, Payloads, portable DNN computing engine, pubcrawl, resilience, Resiliency, Runtime, Scalability, security, SIN2, software algorithm level, static neural network model, third-party cloud based machine learning as a service, Trojan horses

Deep Neural Network (DNN) has recently become the "de facto" technique to drive the artificial intelligence (AI) industry. However, there also emerges many security issues as the DNN based intelligent systems are being increasingly prevalent. Existing DNN security studies, such as adversarial attacks and poisoning attacks, are usually narrowly conducted at the software algorithm level, with the misclassification as their primary goal. The more realistic system-level attacks introduced by the emerging intelligent service supply chain, e.g. the third-party cloud based machine learning as a service (MLaaS) along with the portable DNN computing engine, have never been discussed. In this work, we propose a low-cost modular methodology-Stealth Infection on Neural Network, namely "SIN2", to demonstrate the novel and practical intelligent supply chain triggered neural Trojan attacks. Our "SIN2" well leverages the attacking opportunities built upon the static neural network model and the underlying dynamic runtime system of neural computing framework through a bunch of neural Trojaning techniques. We implement a variety of neural Trojan attacks in Linux sandbox by following proposed "SIN2". Experimental results show that our modular design can rapidly produce and trigger various Trojan attacks that can easily evade the existing defenses.

Citation Keyliu_sin2:_2018