Neural network Trojan

Published: 01 March 2013

Abstract

This paper presents a proof of concept of a neural network Trojan. The neural network Trojan consists of a neural network that has been trained with a compromised dataset and modified code. The Trojan is implemented by inserting a malicious payload, encoded into the weights, alongside the data of the intended application. The neural Trojan is specifically designed so that when a specific entry is fed into the trained neural network, it triggers the interpretation of the data as payload. The paper presents the background on which this attack is based and provides the assumptions that make the attack possible. Two embodiments of the attack are presented: a basic backpropagation network and a Neural Network Trojan with Sequence Processing Connections (NNTSPC). The choice between the two alternatives depends on the underlying circumstances in which the compromise is launched. Experiments are carried out with synthetic payloads as well as a chosen existing binary payload. Practical issues of the attack are also discussed, as are detection techniques.

Published In

Journal of Computer Security, Volume 21, Issue 2
March 2013
124 pages

Publisher

IOS Press

Netherlands

Author Tags

  1. Artificial Intelligence
  2. Machine Learning
  3. Malware
  4. Neural Network
  5. Trojan

Qualifiers

  • Article

Cited By

  • (2024) Securing AI‐based healthcare systems using blockchain technology. Transactions on Emerging Telecommunications Technologies 35:1. DOI: 10.1002/ett.4884. Online publication date: 15-Jan-2024
  • (2022) Robust feature-level adversaries are interpretability tools. Proceedings of the 36th International Conference on Neural Information Processing Systems (33093-33106). DOI: 10.5555/3600270.3602668. Online publication date: 28-Nov-2022
  • (2021) Naive Bayes: applications, variations and vulnerabilities: a review of literature with code snippets for implementation. Soft Computing - A Fusion of Foundations, Methodologies and Applications 25:3 (2277-2293). DOI: 10.1007/s00500-020-05297-6. Online publication date: 1-Feb-2021
  • (2019) Detection of Trojaning Attack on Neural Networks via Cost of Sample Classification. Security and Communication Networks 2019. DOI: 10.1155/2019/1953839. Online publication date: 29-Nov-2019
