Artificial intelligence has made significant progress in the last decade, leading to a rise in the popularity of model sharing. The model zoo ecosystem, a repository of pre-trained AI models, has advanced the AI open-source community and opened new avenues for cyber risks. Malicious attackers can exploit shared models to launch cyber-attacks. This work focuses on the steganalysis of injected malicious Least Significant Bit (LSB) steganography into AI models, and it is the first work focusing on AI model attacks. In response to this threat, this paper presents a steganalysis method specifically tailored to detect and mitigate malicious LSB steganography attacks based on supervised and unsupervised AI detection steganalysis methods. Our proposed technique aims to preserve the integrity of shared models, protect user trust, and maintain the momentum of open collaboration within the AI community. In this work, we propose 3 steganalysis methods and open source our code. We found that the success of the steganalysis depends on the LSB attack location. If the attacker decides to exploit the least significant bits in the LSB, the ability to detect the attacks is low. However, if the attack is in the most significant LSB bits, the attack can be detected with almost perfect accuracy.

中文翻译：

---

AI 模型 LSB 攻击的隐写分析

人工智能在过去十年中取得了重大进展，导致模型共享越来越受欢迎。模型动物园生态系统是预先训练的人工智能模型的存储库，它推动了人工智能开源社区的发展，并为网络风险开辟了新途径。恶意攻击者可以利用共享模型发起网络攻击。这项工作专注于将恶意最低有效位（LSB）隐写术注入人工智能模型的隐写分析，是第一个专注于人工智能模型攻击的工作。针对这一威胁，本文提出了一种基于监督和无监督 AI 检测隐写分析方法的隐写分析方法，专门用于检测和减轻恶意 LSB 隐写攻击。我们提出的技术旨在保持共享模型的完整性，保护用户信任，并维持人工智能社区内开放协作的势头。在这项工作中，我们提出了 3 种隐写分析方法并开源了我们的代码。我们发现隐写分析的成功取决于LSB攻击位置。如果攻击者决定利用 LSB 中的最低有效位，则检测攻击的能力就会很低。然而，如果攻击发生在最高有效的 LSB 位中，则可以以几乎完美的精度检测到该攻击。