{"id":"https://openalex.org/W4412081471","doi":"https://doi.org/10.1109/tdsc.2025.3586703","title":"Do You Trust Your Model? Emerging Malware Threats in the Deep Learning Ecosystem","display_name":"Do You Trust Your Model? Emerging Malware Threats in the Deep Learning Ecosystem","publication_year":2025,"publication_date":"2025-07-07","ids":{"openalex":"https://openalex.org/W4412081471","doi":"https://doi.org/10.1109/tdsc.2025.3586703"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2025.3586703","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3586703","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080694735","display_name":"Dorjan Hitaj","orcid":"https://orcid.org/0000-0001-5686-3831"},"institutions":[{"id":"https://openalex.org/I861853513","display_name":"Sapienza University of Rome","ror":"https://ror.org/02be6w209","country_code":"IT","type":"education","lineage":["https://openalex.org/I861853513"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Dorjan Hitaj","raw_affiliation_strings":["Department of Computer Science, Sapienza University of Rome, Roma, Italy","Department of Computer Science, Sapienza University of Rome, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Sapienza University of Rome, Roma, Italy","institution_ids":["https://openalex.org/I861853513"]},{"raw_affiliation_string":"Department of Computer Science, Sapienza University of Rome, Italy","institution_ids":["https://openalex.org/I861853513"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083399524","display_name":"Giulio Pagnotta","orcid":"https://orcid.org/0000-0002-4626-6045"},"institutions":[{"id":"https://openalex.org/I861853513","display_name":"Sapienza University of Rome","ror":"https://ror.org/02be6w209","country_code":"IT","type":"education","lineage":["https://openalex.org/I861853513"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Giulio Pagnotta","raw_affiliation_strings":["Department of Computer Science, Sapienza University of Rome, Roma, Italy","Department of Computer Science, Sapienza University of Rome, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Sapienza University of Rome, Roma, Italy","institution_ids":["https://openalex.org/I861853513"]},{"raw_affiliation_string":"Department of Computer Science, Sapienza University of Rome, Italy","institution_ids":["https://openalex.org/I861853513"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062718348","display_name":"Fabio De Gaspari","orcid":"https://orcid.org/0000-0001-9718-1044"},"institutions":[{"id":"https://openalex.org/I861853513","display_name":"Sapienza University of Rome","ror":"https://ror.org/02be6w209","country_code":"IT","type":"education","lineage":["https://openalex.org/I861853513"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Fabio De Gaspari","raw_affiliation_strings":["Department of Computer Science, Sapienza University of Rome, Roma, Italy","Department of Computer Science, Sapienza University of Rome, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Sapienza University of Rome, Roma, Italy","institution_ids":["https://openalex.org/I861853513"]},{"raw_affiliation_string":"Department of Computer Science, Sapienza University of Rome, Italy","institution_ids":["https://openalex.org/I861853513"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5094095244","display_name":"Sediola Ruko","orcid":null},"institutions":[{"id":"https://openalex.org/I138938424","display_name":"Universit\u00e0 degli Studi della Tuscia","ror":"https://ror.org/03svwq685","country_code":"IT","type":"education","lineage":["https://openalex.org/I138938424"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Sediola Ruko","raw_affiliation_strings":["DEIM, Universit&#x00E0; degli Studi della Tuscia, Viterbo, Italy","DEIM, Universit&#x00E0; degli Studi della Tuscia, Italy"],"affiliations":[{"raw_affiliation_string":"DEIM, Universit&#x00E0; degli Studi della Tuscia, Viterbo, Italy","institution_ids":["https://openalex.org/I138938424"]},{"raw_affiliation_string":"DEIM, Universit&#x00E0; degli Studi della Tuscia, Italy","institution_ids":["https://openalex.org/I138938424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068361533","display_name":"Briland Hitaj","orcid":"https://orcid.org/0000-0001-5925-3027"},"institutions":[{"id":"https://openalex.org/I1298353152","display_name":"SRI International","ror":"https://ror.org/05s570m15","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1298353152"]},{"id":"https://openalex.org/I4210099336","display_name":"Menlo School","ror":"https://ror.org/01240pn49","country_code":"US","type":"education","lineage":["https://openalex.org/I4210099336"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Briland Hitaj","raw_affiliation_strings":["Computer Science Laboratory, SRI International, Menlo Park, CA, USA","Computer Science Laboratory, SRI International, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Laboratory, SRI International, Menlo Park, CA, USA","institution_ids":["https://openalex.org/I1298353152","https://openalex.org/I4210099336"]},{"raw_affiliation_string":"Computer Science Laboratory, SRI International, USA","institution_ids":["https://openalex.org/I1298353152"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046905749","display_name":"Luigi V. Mancini","orcid":"https://orcid.org/0000-0003-4859-2191"},"institutions":[{"id":"https://openalex.org/I861853513","display_name":"Sapienza University of Rome","ror":"https://ror.org/02be6w209","country_code":"IT","type":"education","lineage":["https://openalex.org/I861853513"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Luigi V. Mancini","raw_affiliation_strings":["Department of Computer Science, Sapienza University of Rome, Roma, Italy","Department of Computer Science, Sapienza University of Rome, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Sapienza University of Rome, Roma, Italy","institution_ids":["https://openalex.org/I861853513"]},{"raw_affiliation_string":"Department of Computer Science, Sapienza University of Rome, Italy","institution_ids":["https://openalex.org/I861853513"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5088555568","display_name":"Fernando P\u00e9rez\u2010Cruz","orcid":"https://orcid.org/0000-0001-8996-5076"},"institutions":[{"id":"https://openalex.org/I4210122261","display_name":"Swiss Data Science Center","ror":"https://ror.org/02hdt9m26","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I2799323385","https://openalex.org/I35440088","https://openalex.org/I4210122261","https://openalex.org/I5124864"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Fernando Perez-Cruz","raw_affiliation_strings":["Swiss Data Science Center, Computer Science Department, ETH Z&#x00FC;rich, Z&#x00FC;rich, Switzerland","Swiss Data Science Center, Computer Science Department ETH Z&#x00FC;rich, Switzerland"],"affiliations":[{"raw_affiliation_string":"Swiss Data Science Center, Computer Science Department, ETH Z&#x00FC;rich, Z&#x00FC;rich, Switzerland","institution_ids":["https://openalex.org/I4210122261"]},{"raw_affiliation_string":"Swiss Data Science Center, Computer Science Department ETH Z&#x00FC;rich, Switzerland","institution_ids":["https://openalex.org/I4210122261"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5080694735"],"corresponding_institution_ids":["https://openalex.org/I861853513"],"apc_list":null,"apc_paid":null,"fwci":3.122,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.91902375,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"22","issue":"6","first_page":"6504","last_page":"6521"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9879999756813049,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9635000228881836,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7385035157203674},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7316742539405823},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5339186787605286},{"id":"https://openalex.org/keywords/ecosystem","display_name":"Ecosystem","score":0.516056478023529},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.32490381598472595},{"id":"https://openalex.org/keywords/ecology","display_name":"Ecology","score":0.10272172093391418}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7385035157203674},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7316742539405823},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5339186787605286},{"id":"https://openalex.org/C110872660","wikidata":"https://www.wikidata.org/wiki/Q37813","display_name":"Ecosystem","level":2,"score":0.516056478023529},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.32490381598472595},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.10272172093391418},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tdsc.2025.3586703","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3586703","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},{"id":"pmh:oai:iris.uniroma1.it:11573/1744324","is_oa":false,"landing_page_url":"https://hdl.handle.net/11573/1744324","pdf_url":null,"source":{"id":"https://openalex.org/S4377196107","display_name":"IRIS Research product catalog (Sapienza University of Rome)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Life in Land","score":0.4399999976158142,"id":"https://metadata.un.org/sdg/15"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819"],"abstract_inverted_index":{"Training":[0],"high-quality":[1],"deep":[2,112],"learning":[3,71,146,194],"models":[4,28,35],"is":[5,119,130,156,165,201],"a":[6,68,82,160,174,190],"challenging":[7],"task":[8],"due":[9],"to":[10,85,104,139,202,220],"computational":[11],"and":[12,21,58,129,144,152,215,217],"technical":[13],"requirements.":[14],"A":[15],"growing":[16],"number":[17,162],"of":[18,67,111,126,163,186],"individuals,":[19],"institutions,":[20],"companies":[22],"increasingly":[23],"rely":[24],"on":[25],"pre-trained,":[26],"third-party":[27],"made":[29],"available":[30],"in":[31,42,55,90,108,142,211,224],"public":[32],"repositories.":[33],"These":[34],"are":[36,51],"often":[37],"used":[38,166],"directly":[39],"or":[40],"integrated":[41],"product":[43],"pipelines":[44],"with":[45,100,198],"no":[46],"particular":[47],"precautions,":[48],"since":[49],"they":[50],"effectively":[52],"just":[53],"data":[54],"tensor":[56],"form":[57],"considered":[59],"safe.":[60],"In":[61],"this":[62,199],"paper,":[63],"we":[64,172,218],"raise":[65,203],"awareness":[66,204],"new":[69],"machine":[70,193],"supply":[72],"chain":[73],"threat":[74],"targeting":[75],"neural":[76,91,113,177],"networks.":[77,92,114],"We":[78,135],"introduce":[79],"MaleficNet":[80,93,115,181],"2.0,":[81,182],"novel":[83],"technique":[84,118],"embed":[86],"self-extracting,":[87],"self-executing":[88],"malware":[89,179],"2.0":[94,116],"uses":[95],"spread-spectrum":[96],"channel":[97],"coding":[98],"combined":[99],"error":[101],"correction":[102],"techniques":[103,226],"inject":[105],"malicious":[106],"payloads":[107],"the":[109,124,127,168,184,187,212],"parameters":[110],"injection":[117],"stealthy,":[120],"does":[121],"not":[122],"degrade":[123],"performance":[125],"model,":[128],"robust":[131],"against":[132,189,205,227],"removal":[133],"techniques.":[134],"design":[136],"our":[137],"approach":[138],"work":[140,200],"both":[141,210],"traditional":[143],"distributed":[145],"settings":[147],"such":[148,228],"as":[149],"Federated":[150],"Learning,":[151],"demonstrate":[153],"that":[154],"it":[155],"effective":[157],"even":[158],"when":[159],"reduced":[161],"bits":[164],"for":[167],"model":[169],"parameters.":[170],"Finally,":[171],"implement":[173],"proof-of-concept":[175],"self-extracting":[176],"network":[178],"using":[180],"demonstrating":[183],"practicality":[185],"attack":[188],"widely":[191],"adopted":[192],"framework.":[195],"Our":[196],"aim":[197],"these":[206],"new,":[207],"dangerous":[208],"attacks":[209],"research":[213,223],"community":[214],"industry,":[216],"hope":[219],"encourage":[221],"further":[222],"mitigation":[225],"threats.":[229]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-14T23:14:49.485078","created_date":"2025-10-10T00:00:00"}