Hide some secret 😎 data in a Neural Network - text, malicious software or watermark your NN
gaborvecsei/Neural-Network-Steganography
Hide some secret data in a Neural Network - text, malicious software or watermark your NN. (As long as you can convert it to bytes, you can hide it.)
A neural network usually contains many parameters, which are represented as floating point numbers (generally 32-bit floats). We can modify the bits of the parameters to hide data in the neural network with no degradation, or just a small one, of the metric (e.g. accuracy) used to evaluate the NN.
Unofficial implementation, with understandability in mind (verbose implementation)
I could write about it, but with some pseudo code you'll understand better
```python
# Init an already trained model and a dataset containing images
model = load_model("resnet50", weights="imagenet")
dataset = create_dataset()

# Test the model without any modifications
original_predictions = model.predict(dataset)

# Hide the secret in the model weights - this modifies the float values in the model
secret = read_secret()
hide_secret_in_model(model, secret, bit_to_use=8)

# With the modified weights make predictions for the same dataset
modified_predictions = model.predict(dataset)

# From here we can check what predictions changed in the model and adjust the hiding of the secret if necessary
nb_predictions_changed = calculate_changes(original_predictions, modified_predictions)
```
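The bit-level mechanics behind the pseudo code, as an added example that is not code from this repository: it overwrites the low mantissa bits of float32 values, measures the resulting perturbation, and shows that a receiver who zeroes those bits on an incoming model destroys the hidden payload. The function names, the reading of `bit_to_use=8` as "the 8 lowest bits of each float", and the constructed list of weights standing in for a real model are all assumptions.

```python
import random
import struct

def f32_bits(x):            # float -> its IEEE-754 float32 bit pattern
    return struct.unpack("<I", struct.pack("<f", x))[0]

def bits_f32(b):            # float32 bit pattern -> float
    return struct.unpack("<f", struct.pack("<I", b))[0]

def hide(weights, secret, n_bits=8):
    """Overwrite the n_bits lowest mantissa bits of successive weights with the secret."""
    stream = "".join(f"{byte:08b}" for byte in secret)
    if len(stream) > len(weights) * n_bits:
        raise ValueError("secret does not fit in the given weights")
    keep = 0xFFFFFFFF ^ ((1 << n_bits) - 1)
    out = list(weights)
    for idx, pos in enumerate(range(0, len(stream), n_bits)):
        chunk = int(stream[pos:pos + n_bits].ljust(n_bits, "0"), 2)
        out[idx] = bits_f32((f32_bits(out[idx]) & keep) | chunk)
    return out

def recover(weights, n_bytes, n_bits=8):
    """Read n_bytes back out of the low mantissa bits."""
    low = (1 << n_bits) - 1
    stream = "".join(f"{f32_bits(w) & low:0{n_bits}b}" for w in weights)
    return bytes(int(stream[i:i + 8], 2) for i in range(0, n_bytes * 8, 8))

def sanitize(weights, n_bits=8):
    """Receiver-side scrub: zero the low mantissa bits of every weight."""
    keep = 0xFFFFFFFF ^ ((1 << n_bits) - 1)
    return [bits_f32(f32_bits(w) & keep) for w in weights]

def max_rel_change(before, after):
    """Largest relative difference between corresponding non-zero weights."""
    return max(abs(a - b) / abs(a) for a, b in zip(before, after) if a != 0)

# Constructed sample: 64 float32 "weights" standing in for one layer of a model.
rng = random.Random(0)
WEIGHTS = [bits_f32(f32_bits(rng.gauss(0.0, 0.05))) for _ in range(64)]
SECRET = b"watermark:demo"

if __name__ == "__main__":
    stego = hide(WEIGHTS, SECRET)
    print(recover(stego, len(SECRET)))             # payload read back from the weights
    print(max_rel_change(WEIGHTS, stego))          # per-weight perturbation
    print(recover(sanitize(stego), len(SECRET)))   # payload after the scrub
```

With 8 of the 23 mantissa bits overwritten, each weight moves by less than 2^-15 of its own magnitude, which is why the evaluation metric barely changes; the scrub stays inside the same bound, but it only removes data stored in the bits it clears.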
Build the docker image

```
docker build -t stego_nn .
```

Run the image - this will create a jupyter notebook instance

(`<DATA>` is a folder where you have the images used for testing)

```
docker run -d --rm --name stegonn -p 8888:8888 -v $(pwd):/code -v <DATA>:/data --gpus '"device=0"' -u $(id -u):$(id -g) stego_nn
docker exec stegonn jupyter lab list
# Now you can open http://<IP>:8888 for the jupyter notebook server
```
```bibtex
@article{DBLP:journals/corr/abs-2107-08590,
  author     = {Zhi Wang and Chaoge Liu and Xiang Cui},
  title      = {EvilModel: Hiding Malware Inside of Neural Network Models},
  journal    = {CoRR},
  volume     = {abs/2107.08590},
  year       = {2021},
  url        = {https://arxiv.org/abs/2107.08590},
  eprinttype = {arXiv},
  eprint     = {2107.08590},
  timestamp  = {Thu, 22 Jul 2021 11:14:11 +0200},
  biburl     = {https://dblp.org/rec/journals/corr/abs-2107-08590.bib},
  bibsource  = {dblp computer science bibliography, https://dblp.org}
}

@article{DBLP:journals/corr/abs-2109-04344,
  author     = {Zhi Wang and Chaoge Liu and Xiang Cui and Jie Yin},
  title      = {EvilModel 2.0: Hiding Malware Inside of Neural Network Models},
  journal    = {CoRR},
  volume     = {abs/2109.04344},
  year       = {2021},
  url        = {https://arxiv.org/abs/2109.04344},
  eprinttype = {arXiv},
  eprint     = {2109.04344},
  timestamp  = {Tue, 21 Sep 2021 17:46:04 +0200},
  biburl     = {https://dblp.org/rec/journals/corr/abs-2109-04344.bib},
  bibsource  = {dblp computer science bibliography, https://dblp.org}
}

@inproceedings{10.1145/3427228.3427268,
  author    = {Liu, Tao and Liu, Zihao and Liu, Qi and Wen, Wujie and Xu, Wenyao and Li, Ming},
  title     = {StegoNet: Turn Deep Neural Network into a Stegomalware},
  year      = {2020},
  isbn      = {9781450388580},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  url       = {https://doi.org/10.1145/3427228.3427268},
  doi       = {10.1145/3427228.3427268},
  booktitle = {Annual Computer Security Applications Conference},
  pages     = {928–938},
  numpages  = {11},
  location  = {Austin, USA},
  series    = {ACSAC '20}
}
```
This repo does not encourage anyone to use such techniques to commit anything illegal. Its only intention is to experiment with hiding secrets in neural networks.

From /u/jrkirby from my Reddit post:

> Yes, for when Alice is regularly passing trained neural networks to Bob and wants to convey secret information. While Eve is monitoring their communications and will be alerted if they send actual encrypted communications between each other, Eve finds no suspicion in the regular back & forth of models trained on the same task, with the same methodology, and similar performance. If that situation sounds like the one you're in, this is a game changer.