🤖 AI Summary
Pre-trained model sharing faces an emerging threat of parameter-level malware injection: an adversary embeds self-executing malicious code directly into neural network weights, so that the code runs stealthily once the model is deployed. This paper proposes the first defense built on neural network permutation symmetry. Hidden units are reordered consistently (the rows of one layer together with the matching columns of the next), which leaves the computed function unchanged but reorders the bytes of the stored weights and so breaks the contiguous layout an embedded payload depends on, without quantization or fine-tuning. The method preserves model accuracy with negligible degradation (a drop below 0.5%) while disrupting state-of-the-art parameter-level malware attacks across diverse architectures, including ResNet, ViT, and LLaMA-2. Its core contribution is the principled translation of permutation symmetry theory into a practical, lightweight, architecture-agnostic defense that is theoretically grounded, cheap to deploy, and applicable to both vision and language models.
📝 Abstract
Sharing pretrained deep learning models holds tremendous value for researchers and enterprises alike: it lets them apply deep learning by fine-tuning an existing model at a fraction of the cost of training one from scratch. However, model sharing exposes end users to cyber threats that leverage the models themselves for malicious purposes. Attackers can hide self-executing malware inside neural network parameters and distribute the model so that unsuspecting users unknowingly execute it, either directly or indirectly through a dependency of other software. In this work, we propose NeuPerm, a simple yet effective way of disrupting such malware by leveraging the theoretical property of neural network permutation symmetry. Our method has little to no effect on model performance, and we empirically show that it successfully disrupts state-of-the-art attacks that were previously addressed only by quantization, a considerably more complex process. NeuPerm is also shown to work on LLMs, which no previous work of this kind has achieved. The source code is available at https://github.com/danigil/NeuPerm.git.
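The abstract relies on the fact that permuting a layer's hidden units, while applying the matching permutation to the next layer's input dimension, leaves the network's function unchanged but changes the byte layout of the stored weights. The following added example (not NeuPerm's code, and not the paper's embedding scheme) illustrates that principle on a toy two-layer ReLU MLP with numpy. The attacker side is a constructed stand-in for parameter-level malware embedding: payload bits are written into the least-significant mantissa bit of each float32 in the first weight matrix and read back from fixed offsets, as a self-executing loader would. The payload itself is constructed dummy bytes, and the permutation is drawn at random; how NeuPerm actually chooses its permutations is not described on this page.

```python
import numpy as np


def make_mlp(d_in=8, d_hidden=32, d_out=4, seed=0):
    """Constructed toy two-layer ReLU MLP standing in for a shared pretrained model."""
    rng = np.random.default_rng(seed)
    return {
        "w1": rng.standard_normal((d_hidden, d_in)).astype(np.float32),
        "b1": rng.standard_normal(d_hidden).astype(np.float32),
        "w2": rng.standard_normal((d_out, d_hidden)).astype(np.float32),
    }


def forward(params, x):
    h = np.maximum(params["w1"] @ x + params["b1"], 0.0)  # ReLU hidden layer
    return params["w2"] @ h


def embed_payload(params, payload):
    """Attacker side (constructed, simplified scheme): hide payload bits in the
    least-significant mantissa bit of each float32 of w1, row-major. With d_in=8
    each row of w1 carries exactly one payload byte; the weights barely move."""
    carrier = params["w1"].reshape(-1).view(np.uint32).copy()
    bits = np.unpackbits(np.frombuffer(payload, dtype=np.uint8))
    if bits.size > carrier.size:
        raise ValueError("payload does not fit in carrier")
    carrier[: bits.size] = (carrier[: bits.size] & ~np.uint32(1)) | bits.astype(np.uint32)
    infected = dict(params)
    infected["w1"] = carrier.view(np.float32).reshape(params["w1"].shape)
    return infected


def extract_payload(params, nbytes):
    """Attacker's loader: read the LSBs back from fixed offsets in w1."""
    carrier = params["w1"].reshape(-1).view(np.uint32)
    bits = (carrier[: nbytes * 8] & np.uint32(1)).astype(np.uint8)
    return np.packbits(bits).tobytes()


def permute_hidden(params, perm):
    """Defender side: reorder hidden units. The rows of w1 and b1 and the matching
    columns of w2 move together, so the network computes the same function while
    the byte order of w1 on disk changes."""
    return {"w1": params["w1"][perm], "b1": params["b1"][perm], "w2": params["w2"][:, perm]}


def demo(payload=b"constructed dummy payload bytes", seed=0):
    """Embed a payload, apply a random hidden-unit permutation, and report whether
    the model's output and the attacker's payload survived."""
    rng = np.random.default_rng(seed)
    clean = make_mlp(seed=seed)
    infected = embed_payload(clean, payload)
    x = rng.standard_normal(clean["w1"].shape[1]).astype(np.float32)

    perm = rng.permutation(infected["w1"].shape[0])
    defended = permute_hidden(infected, perm)

    y_infected = forward(infected, x)
    y_defended = forward(defended, x)
    recovered = extract_payload(defended, len(payload))
    return {
        # only float summation-order noise is expected here
        "output_max_abs_diff": float(np.max(np.abs(y_infected - y_defended))),
        "payload_intact_before": extract_payload(infected, len(payload)) == payload,
        "payload_intact_after": recovered == payload,
        "bytes_changed": sum(a != b for a, b in zip(recovered, payload)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The output difference stays at floating-point noise because the permutation only reorders the terms of each dot product, while the loader, which reads fixed offsets, gets the payload bytes back in scrambled order. The same consistency rule applies wherever a permutation is used: every tensor that indexes the permuted dimension (biases, the next layer's input axis, and any normalization parameters that sit in between) has to be permuted with the same index vector, or the model's function does change.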