Similar to the revolution in open-source code sharing, Artificial Intelligence (AI) model sharing is gaining popularity. However, fast adoption in industry, lack of awareness, and the ability to exploit the models make them a significant attack vector. By embedding malware in neurons, the malware can be delivered covertly, with minor or no impact on the neural network's performance. The covert attack considered here is the Least Significant Bit (LSB) weight attack: because the LSBs have a minimal effect on model accuracy, the user will not notice the modification. Since there are endless ways to hide such payloads, we focus on a zero-trust prevention strategy based on AI model attack disarm and reconstruction. We propose three types of model steganography weight disarm defense mechanisms: the first two are based on random bit substitution noise and the third on model weight quantization. We demonstrate a 100% prevention rate, while the Qint8 and K-LRBP methods introduce only a minimal decrease in model accuracy, which is an essential factor for improving AI security.
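As an added illustration (not code from the paper), the following Python models the LSB weight attack on a flat list of float32 weights and the two disarm ideas described in the abstract: random bit substitution of the low mantissa bits, and symmetric per-tensor int8 quantize/dequantize as an assumed stand-in for the Qint8 method. The carrier weights and the marker payload are constructed, and K-LRBP is not modelled because the abstract does not describe it. The example shows why the attack is covert (each weight moves by less than 2^-15 relative) and why both defenses disarm it (the hidden bits are overwritten) while the noise defense perturbs the weights no more than the attack itself did.

```python
# Added example, not from the paper: LSB weight steganography and two disarm defenses.
# Weights are modelled as a flat list of float32-representable Python floats; the
# payload is a constructed marker string standing in for an attacker's bytes.
import random
import struct


def f32_to_u32(x: float) -> int:
    """Return the IEEE-754 single-precision bit pattern of x (x is rounded to float32)."""
    return struct.unpack("<I", struct.pack("<f", x))[0]


def u32_to_f32(u: int) -> float:
    """Inverse of f32_to_u32."""
    return struct.unpack("<f", struct.pack("<I", u & 0xFFFFFFFF))[0]


def round_f32(x: float) -> float:
    """Round a Python float to the nearest float32 value."""
    return u32_to_f32(f32_to_u32(x))


def embed_payload(weights, payload: bytes, n_lsb: int = 8):
    """LSB weight attack: write payload bits into the n_lsb lowest mantissa bits of
    consecutive weights. Only those bits change, so each weight moves by less than
    2**(n_lsb - 23) relative to its magnitude (the exponent is untouched)."""
    if not 1 <= n_lsb <= 23:
        raise ValueError("n_lsb must address mantissa bits only")
    bits = "".join(f"{b:08b}" for b in payload)
    needed = -(-len(bits) // n_lsb)  # ceil division: carrier weights required
    if needed > len(weights):
        raise ValueError("payload exceeds carrier capacity")
    bits = bits.ljust(needed * n_lsb, "0")
    mask = (1 << n_lsb) - 1
    out = list(weights)
    for i in range(needed):
        chunk = int(bits[i * n_lsb:(i + 1) * n_lsb], 2)
        out[i] = u32_to_f32((f32_to_u32(weights[i]) & ~mask) | chunk)
    return out


def extract_payload(weights, n_bytes: int, n_lsb: int = 8) -> bytes:
    """Attacker-side recovery: read the low n_lsb bits of each weight back into bytes."""
    mask = (1 << n_lsb) - 1
    needed = -(-(n_bytes * 8) // n_lsb)
    bits = "".join(f"{f32_to_u32(w) & mask:0{n_lsb}b}" for w in weights[:needed])
    return bytes(int(bits[i:i + 8], 2) for i in range(0, n_bytes * 8, 8))


def disarm_random_lsb(weights, n_lsb: int = 8, seed: int = 0):
    """Random bit substitution noise: overwrite the low n_lsb mantissa bits of every
    weight with fresh random bits. Hidden bits are destroyed, and the weights move
    by no more than the attack itself moved them."""
    rng = random.Random(seed)
    mask = (1 << n_lsb) - 1
    return [u32_to_f32((f32_to_u32(w) & ~mask) | rng.getrandbits(n_lsb)) for w in weights]


def disarm_quantize_int8(weights):
    """Symmetric per-tensor int8 quantize/dequantize (an assumed stand-in for the
    paper's Qint8 method). Dequantized values are q * scale, whose low mantissa
    bits bear no relation to the originals. Returns (weights, scale)."""
    amax = max(abs(w) for w in weights)
    scale = amax / 127.0 if amax else 1.0
    q = [max(-127, min(127, round(w / scale))) for w in weights]
    return [round_f32(v * scale) for v in q], scale


def max_rel_error(new, ref) -> float:
    """Largest |new - ref| / |ref| over non-zero reference weights."""
    return max(abs(a - b) / abs(b) for a, b in zip(new, ref) if b != 0)


def max_abs_error(new, ref) -> float:
    """Largest |new - ref| over all weights."""
    return max(abs(a - b) for a, b in zip(new, ref))


def demo(n_weights: int = 64, n_lsb: int = 8) -> dict:
    """Run the attack and both defenses; report whether the payload survives each."""
    rng = random.Random(1)
    carrier = [round_f32(rng.gauss(0.0, 0.05)) for _ in range(n_weights)]  # constructed
    payload = b"CONSTRUCTED-MARKER"  # stand-in for an embedded malware blob
    stego = embed_payload(carrier, payload, n_lsb)
    noisy = disarm_random_lsb(stego, n_lsb)
    quant, scale = disarm_quantize_int8(stego)
    return {
        "attack_recoverable": extract_payload(stego, len(payload), n_lsb) == payload,
        "attack_rel_error": max_rel_error(stego, carrier),
        "noise_recoverable": extract_payload(noisy, len(payload), n_lsb) == payload,
        "noise_rel_error": max_rel_error(noisy, carrier),
        "quant_recoverable": extract_payload(quant, len(payload), n_lsb) == payload,
        "quant_abs_error": max_abs_error(quant, carrier),
        "quant_scale": scale,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The quantization defense is the stronger disarm but also the costlier one: its per-weight error is bounded by half the quantization step (scale/2), which is orders of magnitude larger than the 2^-15 relative change of the LSB attack, whereas random bit substitution stays within the attack's own error envelope. That asymmetry is the accuracy trade-off the abstract refers to.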