Industrial large models as carriers for malicious payloads: A fast and robust approach
Yi Yuan, Ruijun Deng, Zhihui Lu, Patrick C.K. Hung
Applied Soft Computing, volume 185, article 113967 (published 2025-09-19). DOI: 10.1016/j.asoc.2025.113967
https://www.sciencedirect.com/science/article/pii/S1568494625012803
Citations: 0
Abstract
As artificial intelligence (AI) technologies are increasingly deployed in industrial domains, pre-trained industrial large models (ILMs) have come into widespread use because of their cost-effectiveness and high performance on complex tasks. This growing reliance, however, introduces new cybersecurity threats, particularly to the integrity of model parameters. Attackers increasingly target AI models and exploit weaknesses in the software supply chain, which gives them a covert means of executing novel cyberattacks and poses significant security risks. Antivirus software and intrusion detection systems protect systems effectively, but attack strategies keep evolving; in particular, the use of widely available AI models as carriers for malicious payloads poses an increasingly sophisticated threat. Most existing embedding techniques struggle in ILM application scenarios: payloads are embedded and extracted inefficiently and are easily destroyed by fine-tuning. The few techniques that do aim at robustness suffer from low efficiency, model performance degradation, and the difficulty of balancing efficiency against robustness. In this paper, we introduce FREEZER (Fast Redundant Exponent Embedding with Robustness), a framework that substantially improves efficiency while maintaining robustness when injecting malicious payloads into ILMs. Here, robustness means that the embedded payload survives full fine-tuning, and fast means that payload embedding and extraction are substantially faster than in prior approaches. FREEZER effectively addresses the problem of extensive bit errors, defined as the bitwise discrepancy between the originally embedded malicious payload and the payload recovered by the prescribed extractor after full-parameter fine-tuning. Moreover, models infected using FREEZER show no significant performance degradation. Experimental results show that FREEZER achieves 20x faster injection and 240x faster extraction than the current state-of-the-art (SOTA) method while maintaining high robustness. FREEZER raises awareness of this emerging threat and is intended to inspire novel defenses against new forms of cyberattacks.
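To make the abstract's bit-error metric and the efficiency/robustness/degradation trade-off concrete, here is an added example. It is not code from the paper and it does not implement FREEZER's exponent-based scheme, which the abstract does not detail; it uses a simpler carrier, one fixed mantissa bit of float32 weights, chosen here as an assumption. It hides a constructed stand-in payload in synthetic weights, simulates full-parameter fine-tuning as small independent multiplicative updates (also an assumption), and measures the bitwise discrepancy between the embedded and recovered payload with and without redundant copies resolved by majority vote. The carrier bit position, the perturbation model, the sample weights and the payload are all constructed for the illustration.

```python
import random
import struct

# Assumption for this illustration: mantissa bit 17 (of 23) is high enough to survive
# small fine-tuning updates, but setting it moves a weight by up to 2**-6 of its binade.
CARRIER_BIT = 17


def f32_to_bits(x: float) -> int:
    """IEEE-754 single-precision bit pattern of x (x is rounded to float32)."""
    return struct.unpack("<I", struct.pack("<f", x))[0]


def bits_to_f32(b: int) -> float:
    return struct.unpack("<f", struct.pack("<I", b))[0]


def to_f32(x: float) -> float:
    """Round a Python float to the nearest float32, as a checkpoint would store it."""
    return bits_to_f32(f32_to_bits(x))


def set_bit(x: float, bit: int, value: int) -> float:
    return bits_to_f32((f32_to_bits(x) & ~(1 << bit)) | ((value & 1) << bit))


def get_bit(x: float, bit: int) -> int:
    return (f32_to_bits(x) >> bit) & 1


def payload_to_bits(data: bytes) -> list:
    """MSB-first bit list of the payload."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_payload(bits: list) -> bytes:
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def embed(weights, payload: bytes, redundancy: int, bit: int = CARRIER_BIT):
    """Injector: write each payload bit into `redundancy` consecutive weights."""
    bits = payload_to_bits(payload)
    if len(bits) * redundancy > len(weights):
        raise ValueError("not enough weights for this payload at this redundancy")
    infected = list(weights)
    for i, v in enumerate(bits):
        for r in range(redundancy):
            idx = i * redundancy + r
            infected[idx] = set_bit(infected[idx], bit, v)
    return infected


def extract(weights, n_bytes: int, redundancy: int, bit: int = CARRIER_BIT) -> bytes:
    """Extractor: majority vote over the copies of each payload bit."""
    bits = []
    for i in range(n_bytes * 8):
        votes = sum(get_bit(weights[i * redundancy + r], bit) for r in range(redundancy))
        bits.append(1 if 2 * votes > redundancy else 0)
    return bits_to_payload(bits)


def bit_error_rate(embedded: bytes, recovered: bytes) -> float:
    """Bitwise discrepancy between embedded and recovered payload, as a fraction of all bits."""
    if len(embedded) != len(recovered):
        raise ValueError("payload lengths differ")
    wrong = sum(bin(a ^ b).count("1") for a, b in zip(embedded, recovered))
    return wrong / (8 * len(embedded))


def simulate_fine_tuning(weights, rng: random.Random, rel_std: float = 1e-3):
    """Stand-in for full-parameter fine-tuning: independent small multiplicative
    update per weight, stored back as float32."""
    return [to_f32(w * (1.0 + rng.gauss(0.0, rel_std))) for w in weights]


def max_relative_distortion(original, infected) -> float:
    """Largest relative change the injection made to any weight (crude degradation proxy)."""
    return max(abs(a - b) / abs(a) for a, b in zip(original, infected))


def run_demo(seed: int = 7, n_bytes: int = 64, redundancy: int = 9, rel_std: float = 1e-3) -> dict:
    rng = random.Random(seed)
    payload = bytes(range(n_bytes))  # constructed stand-in payload, not real malware
    n_weights = n_bytes * 8 * redundancy
    # Constructed synthetic weights: non-zero, non-subnormal, spread over several binades.
    weights = [to_f32(rng.uniform(0.1, 1.0) * rng.choice((-1.0, 1.0))) for _ in range(n_weights)]
    results = {}
    for label, r in (("plain", 1), ("redundant", redundancy)):
        infected = embed(weights, payload, r)
        results["ber_before_" + label] = bit_error_rate(payload, extract(infected, n_bytes, r))
        tuned = simulate_fine_tuning(infected, rng, rel_std)
        results["ber_after_" + label] = bit_error_rate(payload, extract(tuned, n_bytes, r))
        results["max_distortion_" + label] = max_relative_distortion(weights, infected)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value:.4f}")
```

Before fine-tuning both variants extract the payload with zero bit errors; after the simulated updates the single-copy variant loses several percent of its bits, while nine-way redundancy with majority voting brings the error rate close to zero at the cost of nine times more modified weights, each moved by up to about 1.6% of its binade. That is the trade-off the abstract describes between robustness, efficiency and performance degradation. The same extractor logic, run over a checkpoint's parameters, is also the starting point for a defender who wants to test whether a downloaded model carries a hidden bit pattern.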
Journal description:
Applied Soft Computing is an international journal promoting an integrated view of soft computing to solve real-life problems. The focus is to publish the highest quality research in application and convergence of the areas of Fuzzy Logic, Neural Networks, Evolutionary Computing, Rough Sets and other similar techniques to address real world complexities.
Applied Soft Computing is a rolling publication: articles are published as soon as the editor-in-chief has accepted them. Therefore, the web site will continuously be updated with new articles and the publication time will be short.