Mobile malware has become one of the most critical security threats in the era of ubiquitous mobile computing. Despite intensive efforts by security experts to counteract it, recent years have still witnessed rapid growth in the number of identified malware samples. This can be partly attributed to newly emerged technologies that may constantly open up under-studied attack surfaces for adversaries. One typical example is the recently developed mobile machine learning (ML) framework that enables storing and running deep learning (DL) models on mobile devices. Despite its obvious advantages, this new feature also inadvertently introduces potential vulnerabilities (e.g., on-device models may be modified for malicious purposes). In this work, we propose a method to generate or transform mobile malware by hiding the malicious payloads inside the parameters of deep learning models, based on a strategy that considers four factors (layer type, layer number, layer coverage and the number of bytes to replace). Using the proposed method, we can run malware in DL mobile applications covertly with little impact on model performance (i.e., as little as a 0.4% drop in accuracy and at most 39 ms of latency overhead).