Abstract
This paper examines the challenges in distributing AI models through file transfer mechanisms. Despite advances in security measures, vulnerabilities persist, so a multi-layered approach is needed to mitigate risks effectively. The physical security of model files is critical, requiring stringent access controls and attack prevention solutions. This paper proposes a novel solution architecture that protects the model architecture and weights from attacks using Moving Target Defense (MTD): the model is obfuscated, which prevents unauthorized access and enables detection of changes to the model. Our method is shown to be effective at detecting alterations to the model, such as steganographic embedding; it is faster than encryption (0.1 seconds to obfuscate vs. 18 seconds to encrypt for a 2500 MB model), and it preserves the accessibility of the original model file format, unlike encryption. Finally, our code is available at https://github.com/ArielCyber/AI-model-MTD.git.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025 |
| Editors | Marek Bolanowski, Maria Ganzha, Leszek A. Maciaszek, Marcin Paprzycki, Dominik Slezak |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 699-704 |
| Number of pages | 6 |
| Edition | 2025 |
| ISBN (Electronic) | 9788397329164 |
| State | Published - 2025 |
| Event | 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025, Krakow, Poland. Duration: 14 Sep 2025 → 17 Sep 2025 |
Conference
| Conference | 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025 |
|---|---|
| Country/Territory | Poland |
| City | Krakow |
| Period | 14/09/25 → 17/09/25 |