AI/LLM Model File Contains Executable Code (Keras HFS5 .h5)

medium Nessus Plugin ID 204853

Synopsis

An AI/LLM model file on the remote host contains executable code.

Description

The host contains AI/LLM model files which may contain malicious instructions. This plugin looks for Keras Lambda layers in an HDF5 (.h5) file. It then attempts to unpack the compiled lambda function definition and display any readable text, which may include the function name, library names, called functions, and any string constants.
This may help in determining whether the function is legitimate or not.
Note that it may not be possible to fully decompile the function definition without using a Python interpreter or decompiler.

NOTE: This plugin only checks files up to 5GB in size by default. Enable Thorough Tests to check up to 10GB files.
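The check described above can be reproduced with a short script. The following is an added example, not Tenable's plugin code: it reads the `model_config` JSON that Keras 2 stores as an attribute on the root group of a .h5 file (h5py and that layout are assumptions), walks the config for `Lambda` layers, base64-decodes the marshalled code blob Keras writes as `[code, defaults, closure]`, and lists the printable strings in it. It never unmarshals or runs the bytecode, so it works regardless of the interpreter version that saved the model; the sample config embedded at the bottom is constructed for the demonstration.

```python
"""Find Keras Lambda layers in a saved model's config and dump the readable
text inside their serialised (marshalled) function bodies, without executing
anything. Added example; h5py and the Keras 2 config layout are assumptions."""
import base64
import codecs
import json
import marshal
import os
import re

MAX_FILE_BYTES = 5 * 1024 ** 3  # mirrors the plugin's default 5GB limit


def load_model_config(path, max_bytes=MAX_FILE_BYTES):
    """Read the model_config JSON attribute from a Keras HDF5 file.
    Assumption: h5py is installed and the file uses the Keras 2 layout where
    the root group carries a 'model_config' attribute."""
    if os.path.getsize(path) > max_bytes:
        raise ValueError(f"{path} exceeds {max_bytes} bytes; skipping")
    import h5py  # imported lazily so the rest of the module works without it
    with h5py.File(path, "r") as f:
        raw = f.attrs["model_config"]
    return raw.decode("utf-8") if isinstance(raw, bytes) else str(raw)


def _walk_lambda_layers(node):
    """Yield every layer dict with class_name == 'Lambda' at any nesting depth
    (Sequential, Functional and nested sub-models all keep layers as dicts)."""
    if isinstance(node, dict):
        if node.get("class_name") == "Lambda":
            yield node
        for value in node.values():
            yield from _walk_lambda_layers(value)
    elif isinstance(node, list):
        for item in node:
            yield from _walk_lambda_layers(item)


def printable_strings(raw, min_len=4):
    """Runs of min_len or more printable ASCII bytes, like the strings(1) tool.
    marshal stores names and constants as literal bytes, so module names,
    attribute names and string constants surface here without unmarshalling."""
    pattern = re.compile(rb"[ -~]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(raw)]


def scan_model_config(config_json):
    """Return one finding per Lambda layer: its name, whether its body was a
    base64/marshal blob, and the printable strings recovered from it."""
    findings = []
    for layer in _walk_lambda_layers(json.loads(config_json)):
        cfg = layer.get("config", {})
        fn = cfg.get("function")
        # Keras 2 stores a lambda as [code_b64, defaults, closure]; a named
        # function (function_type == "function") stores only its name.
        if isinstance(fn, (list, tuple)) and fn and isinstance(fn[0], str):
            try:
                raw = base64.b64decode(fn[0])
            except ValueError:  # binascii.Error is a ValueError subclass
                raw = b""
            kind, strings = "marshalled_code", printable_strings(raw)
        else:
            raw, kind, strings = b"", "function_reference", []
        findings.append({
            "layer": cfg.get("name", "<unnamed>"),
            "function_type": cfg.get("function_type"),
            "kind": kind,
            "code_bytes": len(raw),
            "strings": strings,
        })
    return findings


def _func_dump(func):
    """Serialise a function the way Keras 2's func_dump does on POSIX
    (marshal the code object, then base64); used only to build the sample."""
    return codecs.encode(marshal.dumps(func.__code__), "base64").decode("ascii")


def _benign(x):
    return x * 2


def _reaches_outside(x):
    # Constructed sample only: a Lambda body that imports a module and touches
    # the host process, exactly the kind of content a reviewer needs to see.
    return __import__("os").getcwd() and x


# Constructed sample standing in for the model_config attribute of a .h5 file.
SAMPLE_CONFIG = json.dumps({
    "class_name": "Sequential",
    "config": {"name": "sample", "layers": [
        {"class_name": "Dense", "config": {"name": "dense", "units": 4}},
        {"class_name": "Lambda", "config": {
            "name": "scale", "function_type": "lambda",
            "function": [_func_dump(_benign), None, None]}},
        {"class_name": "Lambda", "config": {
            "name": "hook", "function_type": "lambda",
            "function": [_func_dump(_reaches_outside), None, None]}},
    ]},
})

if __name__ == "__main__":
    for f in scan_model_config(SAMPLE_CONFIG):
        print(f"layer={f['layer']!r} kind={f['kind']} bytes={f['code_bytes']}")
        for s in f["strings"]:
            print("   ", s)
```

Running it on the sample prints a short, tensor-only string set for the `scale` layer and `__import__`, `os` and `getcwd` for the `hook` layer. On a real file, call `scan_model_config(load_model_config(path))`; the output is review material, not a verdict, which matches the plugin's own solution text.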

Solution

Investigate any model files identified by this plugin to ensure their presence is intended and that they have not been tampered with. Review the plugin output for signs of unintentional model file tampering.

See Also

https://kb.cert.org/vuls/id/253266

Plugin Details

Severity: Medium

ID: 204853

File Name: ai_model_keras_hfs5_contains_executable_code.nbin

Version: 1.22

Type: local

Agent: unix

Family: Misc.

Published: 7/30/2024

Updated: 11/12/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport