Why Security Is Important in ML and How To Secure Your ML-based Solutions | Rachid Kherrazi

Testing Security

Learn how to secure your Machine Learning (ML) solutions from attacks and manipulate the training process to achieve incorrect results and ensure responsible development and deployment.

Key takeaways
  • Security is important in Machine Learning (ML) as ML algorithms can be vulnerable to attacks, and adversarial attacks can manipulate the training process and lead to incorrect results.
  • Some types of attacks include:
    • Adversarial attacks: manipulating training data to manipulate the model’s behavior
    • Model extraction attacks: stealing a trained model
    • Model inversion attacks: stealing data from a trained model
    • Black box attacks: manipulating a model without accessing its internal workings
    • White box attacks: manipulating a model by accessing its internal workings
    • Gray box attacks: manipulating a model by partially accessing its internal workings
  • A good approach to security is to include it in the development process, not as an afterthought.
  • Some countermeasures include:
    • Testing: testing models for vulnerabilities
    • Monitoring: monitoring models for unexpected behavior
    • Secure coding: following best practices for secure coding
    • Version control: keeping track of changes to models and data
    • Collaborative development: involving multiple people and groups in the development process
  • Security does not start with deployment, but rather is an ongoing process throughout the development and deployment of a model.
  • Model-based testing is an important aspect of securing ML models.
  • Some standards and best practices include:
    • OWASP Machine Learning Security Cheat Sheet
    • TensorFlow Security
    • NIST 800-30: Guide for Conducting Risk Assessments
    • European Union’s General Data Protection Regulation (GDPR)
  • Awareness is key to understanding and addressing security risks in ML.
  • Best practices for securing ML models include:
    • Secure coding
    • Monitoring
    • Testing
    • Version control
    • Collaborative development
  • Some libraries and frameworks include:
    • TensorFlow
    • PyTorch
    • scikit-learn
    • OpenCV
  • Some companies and organizations, such as Microsoft and NIST, have taken steps to address security risks in ML.
  • Machine learning is a growing field and securing it is important for its responsible development and deployment.

More talks

Shai Reznik | Qwik - Behind The Magic |

Bye bye drupalisms! Propelling Drupal into a modern PHP ecosystem - Marine Gandy

An Insider's Guide to Cloud Computing • David Linthicum & Prasad Rao

"Beyond Blockchain: Convergent Consensus" by Mike Anderson (Strange Loop 2022)

37C3 - Das Diskmags-Projekt

Engineering Documentation • Lorna Jane Mitchell • GOTO 2022

37C3 - KIM: Kaos In der Medizinischen Telematikinfrastruktur (TI)

The Intel IoT Platform