Abstract: While Machine Learning (ML) is one of the most promising technologies of our era, it is prone to a variety of attacks. Among them are
covert channels, which enable two parties to stealthily transmit information through carriers intended for different purposes. Existing
works only explore covert channels for federated ML. In that setting, communication is established among multiple entities that collaborate
to train a model, while relying on access to model internals.
This paper presents covert channels within ML models trained
and publicly deployed in cloud-based (black-box) environments.
The approach relies on targeted poisoning, or backdoor, attacks
to encode messages into the model. It incorporates multiple well-chosen backdoors only through dataset poisoning and without
requiring access to model internals or the training process. After
model deployment, messages can be extracted via inference.
We propose three covert channel versions with varying levels
of message robustness and capacity while emphasizing minimal
extraction effort, minimal pre-shared knowledge, or maximum message stealthiness. We investigate influencing factors affecting embedded backdoors and propose novel techniques to incorporate
numerous backdoors simultaneously for message encoding. Experiments across various datasets and model architectures demonstrate
message transmission of 20 to 66 bits with minimal error rates.