Covert Task Embedding: Turning a DNN Into an Insider Agent Leaking Out Private Information.

We present the covert task embedding (CTE) attack, a new general threat affecting deep neural networks (DNNs). The new attack consists in hiding a malicious privacy-sensitive task within a seemingly innocuous network, in such a way that the result of the malicious task is delivered together with the legitimate output in a stealthy way. The result of the covert task is further protected by requiring that its extraction depends on a secret key shared by the embedder and the detector. We demonstrate the feasibility of the CTE attack in various settings, wherein a face-based age estimation DNN is trained in such a way as to also detect the gender (binary classification task) or ethnicity (multiclassification task) of the framed individual and stealthily pass along such information together with the estimated age. The results of the experiments we carried out show that, in all cases, the gender and ethnicity information can be reliably extracted without impairing the accuracy of the age estimation functionality. Despite the simplicity of the estting considered in the brief, our experiments show the feasibility of the CTE attack, thus calling for the development of suitable remedies against it.