{"id":"https://openalex.org/W4403520284","doi":"https://doi.org/10.1145/3691620.3695271","title":"Models Are Codes: Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model Hubs","display_name":"Models Are Codes: Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model Hubs","publication_year":2024,"publication_date":"2024-10-18","ids":{"openalex":"https://openalex.org/W4403520284","doi":"https://doi.org/10.1145/3691620.3695271"},"language":"en","primary_location":{"id":"doi:10.1145/3691620.3695271","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3691620.3695271","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2409.09368","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100310513","display_name":"Jian Zhao","orcid":null},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jian Zhao","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0009-0003-5716-1462","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029601880","display_name":"Shenao Wang","orcid":"https://orcid.org/0000-0003-3818-3343"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shenao Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0003-3818-3343","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023970004","display_name":"Yanjie Zhao","orcid":"https://orcid.org/0000-0001-8793-5367"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yanjie Zhao","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0001-8793-5367","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065658217","display_name":"Xinyi Hou","orcid":"https://orcid.org/0009-0005-9965-2109"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xinyi Hou","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0009-0005-9965-2109","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000432413","display_name":"Kailong Wang","orcid":"https://orcid.org/0000-0002-3977-6573"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kailong Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0002-3977-6573","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001126748","display_name":"Peiming Gao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Peiming Gao","raw_affiliation_strings":["MYbank, Ant Group, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0000-8255-7926","affiliations":[{"raw_affiliation_string":"MYbank, Ant Group, Hangzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065781699","display_name":"Y. Zhang","orcid":"https://orcid.org/0009-0003-8396-8833"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yuanchao Zhang","raw_affiliation_strings":["MYbank, Ant Group, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0003-8396-8833","affiliations":[{"raw_affiliation_string":"MYbank, Ant Group, Hangzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Chen Wei","orcid":"https://orcid.org/0009-0006-6312-8601"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen Wei","raw_affiliation_strings":["MYbank, Ant Group, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0006-6312-8601","affiliations":[{"raw_affiliation_string":"MYbank, Ant Group, Hangzhou, China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5115695530","display_name":"Haoyu Wang","orcid":"https://orcid.org/0000-0003-1100-8633"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoyu Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0003-1100-8633","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5100310513"],"corresponding_institution_ids":["https://openalex.org/I47720641"],"apc_list":null,"apc_paid":null,"fwci":1.8832,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.86996444,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"2087","last_page":"2098"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7744815945625305},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6433933973312378},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.6402587890625},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2287185788154602}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7744815945625305},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6433933973312378},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.6402587890625},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2287185788154602},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3691620.3695271","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3691620.3695271","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2409.09368","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2409.09368","pdf_url":"https://arxiv.org/pdf/2409.09368","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2409.09368","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2409.09368","pdf_url":"https://arxiv.org/pdf/2409.09368","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7659621868","display_name":null,"funder_award_id":"62072046","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320318398","display_name":"Ant Group","ror":null},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4403520284.pdf"},"referenced_works_count":11,"referenced_works":["https://openalex.org/W3119866685","https://openalex.org/W3163168187","https://openalex.org/W3213508244","https://openalex.org/W4226012237","https://openalex.org/W4287391717","https://openalex.org/W4308562533","https://openalex.org/W4384345640","https://openalex.org/W4385208592","https://openalex.org/W4388502409","https://openalex.org/W4400215887","https://openalex.org/W4400266869"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"The":[0],"proliferation":[1],"of":[2,13,35,52,76,84,210,234,250],"pre-trained":[3,58,251],"models":[4,191,198],"(PTMs)":[5],"and":[6,24,33,79,92,103,132,138,146,161,192,199,219],"datasets":[7,145],"has":[8,175,186],"led":[9],"to":[10,136],"the":[11,48,63,232,235,248],"emergence":[12],"centralized":[14],"model":[15,59,77,127,252],"hubs":[16],"like":[17,90],"Hugging":[18,64,119,167],"Face,":[19],"which":[20],"facilitate":[21],"collaborative":[22],"development":[23],"reuse.":[25],"However,":[26],"recent":[27],"security":[28,43,211,233,249],"reports":[29],"have":[30,159],"uncovered":[31],"vulnerabilities":[32],"instances":[34],"malicious":[36,53,140,197,201],"attacks":[37,56,143],"within":[38,170],"these":[39,109],"platforms,":[40],"highlighting":[41],"growing":[42],"concerns.":[44],"This":[45,222],"paper":[46],"presents":[47],"first":[49],"systematic":[50],"study":[51],"code":[54,141],"poisoning":[55,142],"on":[57,62,164],"hubs,":[60],"focusing":[61],"Face":[65,120,168],"platform.":[66],"We":[67],"conduct":[68],"a":[69,74,153,165,208,227,242],"comprehensive":[70,104],"threat":[71,105],"analysis,":[72,131],"develop":[73],"taxonomy":[75],"formats,":[78],"perform":[80],"root":[81],"cause":[82],"analysis":[83,102],"vulnerable":[85],"formats.":[86],"While":[87],"existing":[88],"tools":[89],"Fickling":[91],"ModelScan":[93],"offer":[94],"some":[95],"protection,":[96],"they":[97],"face":[98],"limitations":[99],"in":[100,144,230],"semantic-level":[101],"detection.":[106],"To":[107],"address":[108],"challenges,":[110],"we":[111,158],"propose":[112],"MalHug,":[113],"an":[114],"end-to-end":[115],"pipeline":[116],"tailored":[117],"for":[118,178,246],"that":[121],"combines":[122],"dataset":[123,202],"loading":[124,203],"script":[125],"extraction,":[126],"deserialization,":[128],"in-depth":[129],"taint":[130],"heuristic":[133],"pattern":[134],"matching":[135],"detect":[137],"classify":[139],"models.":[147],"In":[148],"collaboration":[149],"with":[150],"Ant":[151],"Group,":[152],"leading":[154],"financial":[155],"technology":[156],"company,":[157],"implemented":[160],"deployed":[162],"MalHug":[163,185],"mirrored":[166],"instance":[169],"their":[171],"infrastructure,":[172],"where":[173],"it":[174],"been":[176],"operational":[177],"over":[179],"three":[180],"months.":[181],"During":[182],"this":[183],"period,":[184],"monitored":[187],"more":[188],"than":[189],"705K":[190],"176K":[193],"datasets,":[194],"uncovering":[195],"91":[196],"9":[200],"scripts.":[204],"These":[205],"findings":[206],"reveal":[207],"range":[209],"threats,":[212],"including":[213],"reverse":[214],"shell,":[215],"browser":[216],"credential":[217],"theft,":[218],"system":[220],"reconnaissance.":[221],"work":[223],"not":[224],"only":[225],"bridges":[226],"critical":[228],"gap":[229],"understanding":[231],"PTM":[236],"supply":[237],"chain":[238],"but":[239],"also":[240],"provides":[241],"practical,":[243],"industry-tested":[244],"solution":[245],"enhancing":[247],"hubs.":[253]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2}],"updated_date":"2026-05-22T09:01:20.584952","created_date":"2025-10-10T00:00:00"}