{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,7]],"date-time":"2026-02-07T13:37:57Z","timestamp":1770471477715,"version":"3.49.0"},"reference-count":67,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2025,11]]},"DOI":"10.1109\/tdsc.2025.3586703","type":"journal-article","created":{"date-parts":[[2025,7,7]],"date-time":"2025-07-07T13:54:27Z","timestamp":1751896467000},"page":"6504-6521","source":"Crossref","is-referenced-by-count":2,"title":["Do You Trust Your Model? 
Emerging Malware Threats in the Deep Learning Ecosystem"],"prefix":"10.1109","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5686-3831","authenticated-orcid":false,"given":"Dorjan","family":"Hitaj","sequence":"first","affiliation":[{"name":"Department of Computer Science, Sapienza University of Rome, Roma, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4626-6045","authenticated-orcid":false,"given":"Giulio","family":"Pagnotta","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Sapienza University of Rome, Roma, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9718-1044","authenticated-orcid":false,"given":"Fabio","family":"De Gaspari","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Sapienza University of Rome, Roma, Italy"}]},{"given":"Sediola","family":"Ruko","sequence":"additional","affiliation":[{"name":"DEIM, Università degli Studi della Tuscia, Viterbo, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5925-3027","authenticated-orcid":false,"given":"Briland","family":"Hitaj","sequence":"additional","affiliation":[{"name":"Computer Science Laboratory, SRI International, Menlo Park, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4859-2191","authenticated-orcid":false,"given":"Luigi V.","family":"Mancini","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Sapienza University of Rome, Roma, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8996-5076","authenticated-orcid":false,"given":"Fernando","family":"Perez-Cruz","sequence":"additional","affiliation":[{"name":"Swiss Data Science Center, Computer Science Department, ETH Zürich, Zürich, Switzerland"}]}],"member":"263","reference":[{"key":"ref1","first-page":"27826","article-title":"Unsupervised speech recognition","volume-title":"Proc. Adv. Neural Inf. Process. 
Syst.","author":"Baevski"},{"key":"ref2","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4899-3276-1","volume-title":"Error Correcting Codes A Mathematical Introduction","author":"Baylis","year":"1998"},{"key":"ref3","first-page":"1877","article-title":"Language models are few-shot learners","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Brown"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.sigpro.2009.08.010"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.195"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1002\/0471200611"},{"key":"ref7","article-title":"AMSI bypass: Patching technique","year":"2018"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-57878-7_13"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-022-07096-6"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-022-07586-7"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1810.04805"},{"key":"ref13","article-title":"Llama 2: Open foundation and fine-tuned chat models","author":"Touvron","year":"2023"},{"key":"ref14","article-title":"LLAMA 2 7B - GGML","author":"Face","year":"2023"},{"key":"ref15","article-title":"PyTorch","author":"Foundation","year":"2023"},{"key":"ref16","article-title":"PyTorch documentation","author":"Foundation","year":"2023"},{"key":"ref17","volume-title":"Deep Learning","author":"Goodfellow","year":"2016"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2013.6638947"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"ref21","article-title":"Measuring massive multitask language understanding","volume-title":"Proc. Int. Conf. Learn. 
Representations","author":"Hendrycks"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-21568-2_11"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3708821.3733867"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17143-7_21"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.243"},{"key":"ref27","article-title":"A study of BFLOAT16 for deep learning training","author":"Kalamkar","year":"2019"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/GLOBECOM46510.2021.9685232"},{"key":"ref29","article-title":"Learning multiple layers of features from tiny images","author":"Krizhevsky","year":"2009"},{"key":"ref30","article-title":"MNIST handwritten digit database","author":"LeCun","year":"2010"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.01615"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_13"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427268"},{"key":"ref34","first-page":"1273","article-title":"Communication-efficient learning of deep networks from decentralized data","volume-title":"Proc. Int. Conf. Artif. Intell. 
Statist.","author":"McMahan"},{"key":"ref35","article-title":"Federated learning: Collaborative machine learning without centralized training data","author":"McMahan","year":"2017"},{"key":"ref36","article-title":"Federated learning: Collaborative machine learning without centralized training data","author":"McMahan","year":"2023"},{"key":"ref37","article-title":"Bypassing user-mode hooks and direct invocation of system calls for red teams","year":"2023"},{"key":"ref38","article-title":"Pointer sentinel mixture models","author":"Merity","year":"2016"},{"key":"ref40","volume-title":"Machine Learning","author":"Mitchell","year":"1997"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-6193-4_10"},{"key":"ref42","article-title":"Thezoo - a live malware repository","author":"Nativ","year":"2021"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.98"},{"key":"ref44","article-title":"GPT-4 technical report","year":"2023"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3318964"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/DSN53405.2022.00035"},{"key":"ref47","first-page":"1382","article-title":"Improving password guessing via representation learning","volume-title":"Proc. 2021 IEEE Symp. Secur. Privacy","author":"Pasquini"},{"key":"ref48","first-page":"1015","article-title":"ESC: Dataset for environmental sound classification","volume-title":"Proc. 23rd Annu. ACM Conf. 
Multimedia","author":"Piczak"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453101"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-51482-1_9"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511791338"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01042"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/18.335940"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102627"},{"key":"ref56","article-title":"A novel method for bypassing ETW","year":"2023"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813687"},{"key":"ref58","article-title":"Very deep convolutional networks for large-scale image recognition","author":"Simonyan","year":"2014"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-16745-9_27"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70569-9"},{"key":"ref62","volume-title":"Multiuser Detection","author":"Verdu","year":"1998"},{"key":"ref63","first-page":"1025","article-title":"Capacity region of gaussian CDMA channels: The symbol synchronous case","volume-title":"Proc. 24th Allerton Conf.","author":"Verdu"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/MWC.2002.1028876"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/18.782121"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC53001.2021.9631425"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102807"},{"key":"ref68","first-page":"38 087","article-title":"SmoothQuant: Accurate and efficient post-training quantization for large language models","volume-title":"Proc. Int. Conf. Mach. 
Learn.","author":"Xiao"},{"key":"ref69","article-title":"Fashion-MNIST: A novel image dataset for benchmarking machine learning algorithms","author":"Xiao","year":"2017"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-27529-7_29"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11242243\/11072358.pdf?arnumber=11072358","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T21:00:57Z","timestamp":1763154057000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11072358\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11]]},"references-count":67,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3586703","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11]]}}}