Research of existing approaches to embedding malicious software in artificial neural networks

Temirlan Bidzhiev, Dmitry Namiot


In recent years, neural networks have shown their potential as a new paradigm for solving problems in the field of information technology. They have shown their effectiveness in many areas, but training neural networks is expensive in terms of computing resources. In this regard, there are services for training networks based on cloud technologies, as well as obtaining pre-trained models. This has introduced new threats to cybersecurity. By splitting and placing malicious software to the weight parameters of the neurons of the network, it can be transmitted imperceptibly, through the channels of unreliable service providers. Seven methods of malware introduction and activation are considered, including LSB substitution (replacement of the least significant bits), Restlience training, Value-mapping, Sign-mapping, MSB reservation (saving the most significant bits), Fast substitution, Half substitution. A comparative analysis of these methods is given. Four types of triggers for software activation are considered, namely the Sign trigger, Logits trigger, Rank trigger, Fine-tuned Rank Trigger. The code with the implementation of the LSB substitution method in the Python programming language is given.

Full Text:

PDF (Russian)


Jia Deng et al. «Imagenet: A large-scale hierarchical image database». In: 2009 IEEE conference on computer vision and pattern recognition. Ieee. 2009, pp. 248–255.

Namiot Dmitry and Eugene Ilyushin. ”Generative Models in Machine Learning.” International Journal of Open Information Technologies 10.7 (2022): 101-118.

The Linux Foundation. ONNX. url: https:// (visited on 05/21/2022).

Andrew G. Howard et al. «MobileNets: Efficient Convolutional Neural Networks for Mobile Vision Applications». In: CoRR abs/1704.04861 (2017). arXiv: 1704.04861. url:

Dmitry Namiot Ilyushin Eugene and Ivan Chizhov. ”Attacks on machine learning systems-common problems and methods.” Internation Journal of Open Information Technologies 10.3 (2022): 17-22.

The Hacker News - Ravie Lakshmanan. A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages. url: a - threat - actor - dubbed - red - lili - has - been.html (visited on 04/19/2022).

Tao Liu, Wujie Wen, and Yier Jin. «SIN2: Stealth infection on neural network — A low-cost agile neural Trojan attack methodology». In: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 2018, pp. 227–230. doi: 10.1109/HST.2018.8383920.

Tao Liu et al. «StegoNet: Turn Deep Neural Network into a Stegomalware». In: Annual Computer Security Applications Conference. ACSAC ’20. Austin, USA: Association for Computing Machinery, 2020, pp. 928–938. isbn: 9781450388580. doi: 10 . 1145 / 3427228 . 3427268. url: https : / / doi . org / 10 . 1145 / 3427228 .

PortSwigger Ltd. Insecure deserialization. url: (visited on 05/22/2022).

Dhilung Kirat Marc Ph. Stoecklin co-authored by Jiyong Jang. DeepLocker: How AI Can Power a Stealthy New Breed of Malware. 2018. url: https://securityintelligence . com / deeplocker - how - ai - can - power - a - stealthy - new - breed - of - malware/ (visited on 02/12/2022).

Eugene Ilyushin Namiot Dmitry and Oleg Pilipenko. ”On trusted AI Platforms.” Internation Journal of Open Information Technologies 10.7 (2022): 119-127.

Yuval Nativ. theZoo - A Live Malware Repository. 2015. url: https : / / thezoo . morirt . com/ (visited on 05/22/2022).

IEEE Computer Society. IEEE 754-2019 - IEEE Standard for Floating-Point Arithmetic. 2019. url: https: / / standards . ieee . org / ieee / 754 / 6210/ (visited on 04/11/2022).

Siggi Stefnisson. Evasive Malware Now a Commodity. 2018. url: https://www. securityweek. com/ evasive - malware-now-commodity (visited on 05/22/2022).

Artificial intelligence in cybersecurity., checked: 08.08.2022.

Zhi Wang et al. EvilModel 2.0: Bringing Neural Network Models into Malware Attacks. 2021. arXiv: 2109.04344 [cs.CR]


  • There are currently no refbacks.

Abava  Кибербезопасность MoNeTec 2024

ISSN: 2307-8162