Steganalysis of AI Models LSB Attacks

TL;DR

This paper introduces the first steganalysis techniques tailored to detect malicious LSB steganography in AI models, addressing a new cyber threat in model sharing ecosystems with high detection accuracy depending on attack location.

Contribution

It presents three novel steganalysis methods for AI model attacks and provides open-source code, advancing cybersecurity measures for shared AI models.

Findings

Detection accuracy is high when attacks target most significant bits.

Detection success decreases when attacks exploit least significant bits.

Proposed methods effectively mitigate malicious steganography in AI models.

Abstract

Artificial intelligence has made significant progress in the last decade, leading to a rise in the popularity of model sharing. The model zoo ecosystem, a repository of pre-trained AI models, has advanced the AI open-source community and opened new avenues for cyber risks. Malicious attackers can exploit shared models to launch cyber-attacks. This work focuses on the steganalysis of injected malicious Least Significant Bit (LSB) steganography into AI models, and it is the first work focusing on AI model attacks. In response to this threat, this paper presents a steganalysis method specifically tailored to detect and mitigate malicious LSB steganography attacks based on supervised and unsupervised AI detection steganalysis methods. Our proposed technique aims to preserve the integrity of shared models, protect user trust, and maintain the momentum of open collaboration within the AI community. In this work, we propose 3 steganalysis methods and open source our code. We found that the success of the steganalysis depends on the LSB attack location. If the attacker decides to exploit the least significant bits in the LSB, the ability to detect the attacks is low. However, if the attack is in the most significant LSB bits, the attack can be detected with almost perfect accuracy.