Why Security Is Important in ML and How To Secure Your ML-based Solutions | Rachid Kherrazi

Learn how to secure your Machine Learning (ML) solutions against attacks that manipulate the training process or the model's inputs to produce incorrect results, and how to ensure responsible development and deployment.

Key takeaways
  • Security matters in Machine Learning (ML) because trained models are attackable: an adversary who can influence the training process, or the inputs a deployed model sees, can make it produce incorrect results.
  • Some types of attacks include:
    • Adversarial attacks: crafting inputs (or, in the poisoning variant, training data) that steer the model’s behavior the attacker’s way
    • Model extraction attacks: reconstructing (stealing) a trained model from its responses to queries
    • Model inversion attacks: recovering sensitive training data from a trained model’s outputs
    • Black box attacks: attacking a model through its inputs and outputs only, without access to its internal workings
    • White box attacks: attacking a model with full access to its internal workings (architecture, parameters, gradients)
    • Gray box attacks: attacking a model with only partial access to its internal workings (for example the architecture but not the weights)
  • A good approach to security is to include it in the development process, not as an afterthought.
  • Some countermeasures include:
    • Testing: testing models for vulnerabilities
    • Monitoring: monitoring models for unexpected behavior
    • Secure coding: following best practices for secure coding
    • Version control: keeping track of changes to models and data
    • Collaborative development: involving multiple people and groups in the development process
  • Security does not start with deployment, but rather is an ongoing process throughout the development and deployment of a model.
  • Model-based testing (deriving test cases from a model of the expected behavior and checking the ML system against it) is an important aspect of securing ML models.
  • Some standards and best practices include:
    • OWASP Machine Learning Security Cheat Sheet
    • TensorFlow Security
    • NIST 800-30: Guide for Conducting Risk Assessments
    • European Union’s General Data Protection Regulation (GDPR)
  • Awareness is key to understanding and addressing security risks in ML.
  • Some libraries and frameworks include:
    • TensorFlow
    • PyTorch
    • scikit-learn
    • OpenCV
  • Some companies and organizations, such as Microsoft and NIST, have taken steps to address security risks in ML.
  • Machine learning is a growing field and securing it is important for its responsible development and deployment.
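The two attack classes the key takeaways put first, an adversarial input against a deployed model and manipulation of the training process, can be shown end to end on a toy model. The following is an added example, not code from the original article or its author: a pure-Python logistic regression trained on a constructed, linearly separable 2-D data set, a white-box evasion step of the FGSM kind (the input is moved by eps in the direction of the sign of the loss gradient, which requires knowing the weights), and a poisoning step that adds a handful of mislabeled high-leverage points far outside the clean data range. All function names, the data set, the point (0.5, 0.5) and the poison points are assumptions made for this illustration.

```python
import math


def sigmoid(z):
    # clamp the logit so math.exp cannot overflow on extreme inputs
    z = max(-500.0, min(500.0, z))
    return 1.0 / (1.0 + math.exp(-z))


def make_clean_data():
    """Constructed toy set on a half-unit grid: label 1 when x + y > 0, label 0
    when x + y < 0. Points exactly on the line are skipped, so the set is
    linearly separable and the correct boundary is x + y = 0."""
    data = []
    for i in range(-4, 5):
        for j in range(-4, 5):
            x, y = i / 2.0, j / 2.0
            if x + y == 0.0:
                continue
            data.append(((x, y), 1 if x + y > 0 else 0))
    return data


def train(data, epochs=300, lr=0.3):
    """Logistic regression by full-batch gradient descent, no third-party libraries."""
    w, b = [0.0, 0.0], 0.0
    n = len(data)
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for (x, y), label in data:
            err = sigmoid(w[0] * x + w[1] * y + b) - label
            gw[0] += err * x
            gw[1] += err * y
            gb += err
        w[0] -= lr * gw[0] / n
        w[1] -= lr * gw[1] / n
        b -= lr * gb / n
    return w, b


def predict(model, point):
    w, b = model
    return 1 if sigmoid(w[0] * point[0] + w[1] * point[1] + b) >= 0.5 else 0


def accuracy(model, data):
    return sum(predict(model, p) == label for p, label in data) / len(data)


def fgsm(model, point, label, eps):
    """White-box evasion: move every input feature by eps in the direction of
    sign(d loss / d input). For logistic loss that gradient is (p - label) * w,
    so the attacker needs the weights (white box) to compute it."""
    w, b = model
    err = sigmoid(w[0] * point[0] + w[1] * point[1] + b) - label

    def sign(v):
        return 1.0 if v > 0 else (-1.0 if v < 0 else 0.0)

    return (point[0] + eps * sign(err * w[0]), point[1] + eps * sign(err * w[1]))


def poison(data, copies=8):
    """Training-time attack: append a few mislabeled points far outside the clean
    range (constructed for this example). Their leverage on a linear model is
    large, so a small fraction of the training set can move the boundary."""
    return data + [((6.0, 6.0), 0)] * copies + [((-6.0, -6.0), 1)] * copies


def run_demo():
    clean = make_clean_data()
    model = train(clean)
    target, label = (0.5, 0.5), 1          # a correctly classified point near the boundary
    adv = fgsm(model, target, label, eps=0.75)
    poisoned = poison(clean)
    poisoned_model = train(poisoned)
    return {
        "clean_acc": accuracy(model, clean),
        "pred_target": predict(model, target),
        "pred_adv": predict(model, adv),
        "poison_fraction": (len(poisoned) - len(clean)) / len(poisoned),
        "poisoned_acc": accuracy(poisoned_model, clean),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The clean model classifies the whole training set and the target point correctly; the perturbed copy of the target, still within 0.75 of it in every coordinate, is classified as the other class. Sixteen mislabeled points (about 18% of the poisoned set) are enough to pull the learned boundary to the wrong side, so the poisoned model's accuracy on the clean data collapses. Both effects are what the "Testing" countermeasure has to look for before a model ships: evaluation on clean held-out data alone would not reveal the evasion weakness, and a model trained on data the attacker could touch needs its training set audited, not just its test accuracy.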
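The "Version control" and "Secure coding" countermeasures meet in one concrete control: every model and data artifact gets a pinned SHA-256 digest, and nothing is deserialized until the digest matches. This matters for serialized models in particular, because unpickling a Python model file executes whatever the file tells it to. The following is an added example, not code from the original article: a manifest builder and verifier, plus a loader that refuses an unverified pickle. The file names, the weights and the CSV rows are constructed for the illustration.

```python
import hashlib
import json
import os
import pickle
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative, '/'-separated) to its SHA-256 digest.
    The manifest is what gets committed (and ideally signed) next to the artifacts."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_manifest(root, manifest):
    """Return a sorted list of problems; an empty list means every artifact matches.
    Missing and unexpected files are reported too, not only modified ones."""
    current = build_manifest(root)
    problems = []
    for rel, digest in manifest.items():
        if rel not in current:
            problems.append(f"missing: {rel}")
        elif current[rel] != digest:
            problems.append(f"modified: {rel}")
    for rel in current:
        if rel not in manifest:
            problems.append(f"unexpected: {rel}")
    return sorted(problems)


def load_model_verified(path, expected_digest):
    """pickle.load runs arbitrary code from the file, so the digest check comes
    first and a mismatch aborts before anything is deserialized."""
    actual = sha256_file(path)
    if actual != expected_digest:
        raise ValueError(f"refusing to load {path}: digest {actual} != {expected_digest}")
    with open(path, "rb") as f:
        return pickle.load(f)


def run_demo():
    with tempfile.TemporaryDirectory() as root:
        # constructed artifacts standing in for a real model file and training set
        model_path = os.path.join(root, "model.pkl")
        data_path = os.path.join(root, "train.csv")
        with open(model_path, "wb") as f:
            pickle.dump({"w": [1.0, 1.0], "b": 0.0}, f)
        with open(data_path, "w") as f:
            f.write("x,y,label\n0.5,0.5,1\n-0.5,-0.5,0\n")

        manifest = build_manifest(root)
        clean_problems = verify_manifest(root, manifest)
        loaded = load_model_verified(model_path, manifest["model.pkl"])

        # simulate tampering: a flipped label in the data and a modified model file
        with open(data_path, "w") as f:
            f.write("x,y,label\n0.5,0.5,0\n-0.5,-0.5,0\n")
        with open(model_path, "ab") as f:
            f.write(b"\x00")
        tampered_problems = verify_manifest(root, manifest)
        try:
            load_model_verified(model_path, manifest["model.pkl"])
            model_refused = False
        except ValueError:
            model_refused = True

        return {
            "clean_problems": clean_problems,
            "loaded": loaded,
            "tampered_problems": tampered_problems,
            "model_refused": model_refused,
        }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Keeping the manifest under version control turns "who changed the training data, and when" into an ordinary diff, and the loader makes the integrity check the default path rather than an optional one. The digest only proves that the artifact is the one that was reviewed; it says nothing about whether that artifact was poisoned before it was pinned, which is what the testing and monitoring countermeasures are for.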