Exploiting Deep Neural Networks as Covert Channels

With the increasing development of deep learning models, the security of these models has become more important. In this work, for the first time, we have investigated the possibility of abusing the deep model as a covert channel. The concept of a covert channel is to use a channel that is not designed for information exchange for transmitting a covert message. This work studies how a deep model can be used by an adversary as a covert channel. The proposed approach is using an end-to-end training deep model called the covert model to produce artificial data which includes some covert messages. This artificial data is the input of the deep model, which is aimed at being exploited as a covert channel, in such a way that the signal will be covered in the output of this model. To achieve indistinguishability of concealment, generative adversarial networks are used. The results show that it is possible to have a covert channel with an acceptable message transmission power in well-known deep models such as the ResNet and InceptionV3 models. Results of case studies indicate the signal-to-noise ratio (SNR) of 12.67, the bit error rate (BER) of 0.08, and the accuracy of the deep model used to hide the signal reaches 92%.