Abstract
While artificial intelligence (AI) is widely applied in various areas, it is also being used maliciously. It is necessary to study and predict AI-powered attacks to prevent them in advance. Turning neural network models into stegomalware is one such malicious use of AI: it exploits the features of neural network models to hide malware while maintaining the models' performance. However, the existing methods have a low malware embedding rate and a high impact on model performance, which makes them impractical. Therefore, by analyzing the composition of neural network models, this paper proposes new methods to embed malware in models with high capacity and no service quality degradation. We used 19 malware samples and 10 mainstream models to build 550 malware-embedded models and analyzed the models' performance on the ImageNet dataset. A new evaluation method that combines the embedding rate, the model performance impact, and the embedding effort is proposed to evaluate the existing methods. This paper also designs a trigger and proposes an application scenario in attack tasks combining EvilModel with WannaCry. This paper further studies the relationship between neural network models' embedding capacity and the model structure, layer, and size. With the widespread application of artificial intelligence, utilizing neural networks for attacks is a growing trend. We hope this work can provide a reference scenario for the defense against neural network-assisted attacks.