Steganalysis of neural networks based on parameter statistical bias

Q4 Engineering

中国科学技术大学学报 Pub Date : 2022-01-01 DOI:10.52396/justc-2021-0197

Yi Yin, Weiming Zhang, Nenghai Yu, Kejiang Chen

{"title":"Steganalysis of neural networks based on parameter statistical bias","authors":"Yi Yin, Weiming Zhang, Nenghai Yu, Kejiang Chen","doi":"10.52396/justc-2021-0197","DOIUrl":null,"url":null,"abstract":"Many pretrained deep learning models have been released to help engineers and researchers develop deep learning-based systems or conduct research with minimall effort. Previous work has shown that at secret message can be embedded in neural network parameters without compromising the accuracy of the model. Malicious developers can, therefore, hide malware or other baneful information in pretrained models, causing harm to society. Hence, reliable detection of these vicious pretrained models is urgently needed. We analyze existing approaches for hiding messages and find that they will ineluctably cause biases in the parameter statistics. Therefore, we propose steganalysis methods for steganography on neural network parameters that extract statistics from benign and malicious models and build classifiers based on the extracted statistics. To the best of our knowledge, this is the first study on neural network steganalysis. The experimental results reveal that our proposed algorithm can effectively detect a model with an embedded message. Notably, our detection methods are still valid in cases where the payload of the stego model is low.","PeriodicalId":17548,"journal":{"name":"中国科学技术大学学报","volume":"27 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"中国科学技术大学学报","FirstCategoryId":"1093","ListUrlMain":"https://doi.org/10.52396/justc-2021-0197","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Engineering","Score":null,"Total":0}

引用次数: 1

Abstract

Many pretrained deep learning models have been released to help engineers and researchers develop deep learning-based systems or conduct research with minimall effort. Previous work has shown that at secret message can be embedded in neural network parameters without compromising the accuracy of the model. Malicious developers can, therefore, hide malware or other baneful information in pretrained models, causing harm to society. Hence, reliable detection of these vicious pretrained models is urgently needed. We analyze existing approaches for hiding messages and find that they will ineluctably cause biases in the parameter statistics. Therefore, we propose steganalysis methods for steganography on neural network parameters that extract statistics from benign and malicious models and build classifiers based on the extracted statistics. To the best of our knowledge, this is the first study on neural network steganalysis. The experimental results reveal that our proposed algorithm can effectively detect a model with an embedded message. Notably, our detection methods are still valid in cases where the payload of the stego model is low.

查看原文本刊更多论文

基于参数统计偏差的神经网络隐写分析

许多预先训练的深度学习模型已经发布，以帮助工程师和研究人员开发基于深度学习的系统或以最小的努力进行研究。先前的研究表明，秘密信息可以嵌入到神经网络参数中，而不会影响模型的准确性。因此，恶意开发人员可以将恶意软件或其他有害信息隐藏在预训练的模型中，从而对社会造成危害。因此，迫切需要可靠地检测这些恶性预训练模型。我们分析了现有的隐藏消息的方法，发现它们不可避免地会在参数统计中引起偏差。因此，我们提出了基于神经网络参数的隐写分析方法，该方法从良性和恶意模型中提取统计信息，并基于提取的统计信息构建分类器。据我们所知，这是第一个关于神经网络隐写分析的研究。实验结果表明，该算法能够有效地检测出含有嵌入信息的模型。值得注意的是，我们的检测方法在stego模型的有效载荷较低的情况下仍然有效。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

中国科学技术大学学报 Engineering-Mechanical Engineering

CiteScore

0.40

自引率

0.00%

发文量

5692

期刊介绍：