AI Product Security: A Primer for Developers | AI Security Portal

JA

JA

EN

TOP Literature Database AI Product Security: A Primer for Developers

arxiv

AI Product Security: A Primer for Developers

AI Security Portal bot

Information in the literature database is collected automatically.

Source

https://arxiv.org/abs/2304.11087

PDF

https://arxiv.org/pdf/2304.11087

Paper Information

Author: Ebenezer R. H. P. Isaac;Jim Reno
Published: 4-18-2023
Affiliation: Ericsson
Country: India
Conference

Labels Estimated by AI

Security Analysis Privacy Technique Compliance with Ethical Guidelines

These labels were automatically added by AI and may be inaccurate.
For details, see About Literature Database.

Abstract

Not too long ago, AI security used to mean the research and practice of how AI can empower cybersecurity, that is, AI for security. Ever since Ian Goodfellow and his team popularized adversarial attacks on machine learning, security for AI became an important concern and also part of AI security. It is imperative to understand the threats to machine learning products and avoid common pitfalls in AI product development. This article is addressed to developers, designers, managers and researchers of AI software products.

References

Published: 2023

The Practical Divide between Adversarial {ML} Research and Security Practice: A Red Team Perspective

Published: 2021

Bandit – A security linter from PyCQA

Python Code Quality Authority

Published: 2022

2022 IEEE Symposium on Security and Privacy (SP)

Membership inference attacks from first principles

Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, Florian Tramer

Published: 2022

EU Artificial Intelligence Act

European Comission

Published: 2021

Publications Office

Ethics guidelines for trustworthy AI

European Commission

Published: 2019

The MITRE Corporation

Published: 2023

The MITRE Corporation

Published: 2023

International Conference on Learning Representations (ICLR)

Adversarial Reprogramming of Neural Networks

Gamaleldin F. Elsayed, Ian Goodfellow, Jascha Sohl-Dickstein

Published: 6.29.2018

Deep neural networks are susceptible to \emph{adversarial} attacks. In computer vision, well-crafted perturbations to images can cause neural networks to make mistakes such as confusing a cat with a computer. Previous adversarial attacks have been designed to degrade performance of models or cause machine learning models to produce specific outputs chosen ahead of time by the attacker. We introduce attacks that instead {\em reprogram} the target model to perform a task chosen by the attacker---without the attacker needing to specify or compute the desired output for each test-time input. This attack finds a single adversarial perturbation, that can be added to all test-time inputs to a machine learning model in order to cause the model to perform a task chosen by the adversary---even if the model was not trained to do this task. These perturbations can thus be considered a program for the new task. We demonstrate adversarial reprogramming on six ImageNet classification models, repurposing these models to perform a counting task, as well as classification tasks: classification of MNIST and CIFAR-10 examples presented as inputs to the ImageNet model.

Watermark Adversarial Example Certified Robustness

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Model inversion attacks that exploit confidence information and basic countermeasures

Matt Fredrikson, Somesh Jha, Thomas Ristenpart

Published: 2015

Journal of International Technology and Information Management

Computer security checklist for non-security technology professionals

Chlotia P Garrison, Roderick B Posey

Published: 2006

International Conference on Learning Representations (ICLR)

Explaining and harnessing adversarial examples

Ian J Goodfellow, Jonathon Shlens, Christian Szegedy

Published: 2015

Software Supply Chain Best Practices

CNCF Security Technical Advisory Group

Published: 2021

Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition

Deep residual learning for image recognition

Kaiming He, Xiangyu Zhang, Shaoqing Ren, Jian Sun

Published: 2016

SEI CERT Coding Standards

Software Engineering Institute

Published: 2016

USENIX Security Symposium

High Accuracy and High Fidelity Extraction of Neural Networks

Matthew Jagielski, Nicholas Carlini, David Berthelot, Alex Kurakin, Nicolas Papernot

Published: 9.4.2019

In a model extraction attack, an adversary steals a copy of a remotely deployed machine learning model, given oracle prediction access. We taxonomize model extraction attacks around two objectives: *accuracy*, i.e., performing well on the underlying learning task, and *fidelity*, i.e., matching the predictions of the remote victim classifier on any input. To extract a high-accuracy model, we develop a learning-based attack exploiting the victim to supervise the training of an extracted model. Through analytical and empirical arguments, we then explain the inherent limitations that prevent any learning-based strategy from extracting a truly high-fidelity model---i.e., extracting a functionally-equivalent model whose predictions are identical to those of the victim model on all possible inputs. Addressing these limitations, we expand on prior work to develop the first practical functionally-equivalent extraction attack for direct extraction (i.e., without training) of a model's weights. We perform experiments both on academic datasets and a state-of-the-art image classifier trained with 1 billion proprietary images. In addition to broadening the scope of model extraction research, our work demonstrates the practicality of model extraction attacks against production-grade systems.

Adversarial Example Model Evaluation Model Extraction Attack

Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure

Published: 2004

International Conference on Frontiers of Information Technology (FIT)

Security for Machine Learning-based Systems: Attacks and Challenges during Training and Inference

Faiq Khalid, Muhammad Abdullah Hanif, Semeen Rehman, Muhammad Shafique

Published: 11.5.2018

The exponential increase in dependencies between the cyber and physical world leads to an enormous amount of data which must be efficiently processed and stored. Therefore, computing paradigms are evolving towards machine learning (ML)-based systems because of their ability to efficiently and accurately process the enormous amount of data. Although ML-based solutions address the efficient computing requirements of big data, they introduce (new) security vulnerabilities into the systems, which cannot be addressed by traditional monitoring-based security measures. Therefore, this paper first presents a brief overview of various security threats in machine learning, their respective threat models and associated research challenges to develop robust security measures. To illustrate the security vulnerabilities of ML during training, inferencing and hardware implementation, we demonstrate some key security threats on ML using LeNet and VGGNet for MNIST and German Traffic Sign Recognition Benchmarks (GTSRB), respectively. Moreover, based on the security analysis of ML-training, we also propose an attack that has a very less impact on the inference accuracy. Towards the end, we highlight the associated research challenges in developing security measures and provide a brief overview of the techniques used to mitigate such security threats.

Model Extraction Attack Poisoning Attack IoT Security

J. Inf. Secur. Appl.

Defending against adversarial machine learning aJacks using hierarchical learning: A case study on network traffic aJack classification

McCarthy, A., Ghadafi, E., Andriotis, P., Legg, P.

Published: 2023

Published: 2023

NIST AI Risk Management Framework Playbook

National Institute of Standards and Technology

Published: 2023

NIST Cybersecurity Framework

National Institute of Standards and Technology

Published: 2023

Computing Research Repository (CoRR)

Privacy and Trust Redefined in Federated Machine Learning

Pavlos Papadopoulos, Will Abramson, Adam J. Hall, Nikolaos Pitropakis, William J. Buchanan

Published: 3.30.2021

A common privacy issue in traditional machine learning is that data needs to be disclosed for the training procedures. In situations with highly sensitive data such as healthcare records, accessing this information is challenging and often prohibited. Luckily, privacy-preserving technologies have been developed to overcome this hurdle by distributing the computation of the training and ensuring the data privacy to their owners. The distribution of the computation to multiple participating entities introduces new privacy complications and risks. In this paper, we present a privacy-preserving decentralised workflow that facilitates trusted federated learning among participants. Our proof-of-concept defines a trust framework instantiated using decentralised identity technologies being developed under Hyperledger projects Aries/Indy/Ursa. Only entities in possession of Verifiable Credentials issued from the appropriate authorities are able to establish secure, authenticated communication channels authorised to participate in a federated learning workflow related to mental health data.

Data Management System Verifiable Credentials Privacy Violation

arxiv

Cited by 1

IEEE Symposium on Security and Privacy

Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks

Nicolas Papernot, Patrick McDaniel, Xi Wu, Somesh Jha, Ananthram Swami

Published: 11.14.2015

Deep learning algorithms have been shown to perform extremely well on many classical machine learning problems. However, recent studies have shown that deep learning, like other machine learning techniques, is vulnerable to adversarial samples: inputs crafted to force a deep neural network (DNN) to provide adversary-selected outputs. Such attacks can seriously undermine the security of the system supported by the DNN, sometimes with devastating consequences. For example, autonomous vehicles can be crashed, illicit or illegal content can bypass content filters, or biometric authentication systems can be manipulated to allow improper access. In this work, we introduce a defensive mechanism called defensive distillation to reduce the effectiveness of adversarial samples on DNNs. We analytically investigate the generalizability and robustness properties granted by the use of defensive distillation when training DNNs. We also empirically study the effectiveness of our defense mechanisms on two DNNs placed in adversarial settings. The study shows that defensive distillation can reduce effectiveness of sample creation from 95% to less than 0.5% on a studied DNN. Such dramatic gains can be explained by the fact that distillation leads gradients used in adversarial sample creation to be reduced by a factor of 10^30. We also find that distillation increases the average minimum number of features that need to be modified to create adversarial samples by about 800% on one of the DNNs we tested.

Certified Robustness Deep Learning Adversarial Example

The owasp top 10

The Open Web Application Security Project

Published: 2021

RFC Editor

The Transport Layer Security (TLS) Protocol Version 1.3

E. Rescorla

Published: 2018

Electronics

Applications in security and evasions in machine learning: a survey

Ramani Sagar, Rutvij Jhaveri, Carlos Borrego

Published: 2020

Published: 2023

Proceedings of the Fifth Cybersecurity Symposium

Hardening web applications using a least privilege DBMS access model

Stuart Steiner, Daniel Conte de Leon, Ananth A Jillepalli

Published: 2018

International Conference on Machine Learning

Transfer learning without knowing: Reprogramming black-box machine learning models with scarce data and limited resources

Yun-Yun Tsai, Pin-Yu Chen, Tsung-Yi Ho

Published: 2020

Digital Communications and Networks

Poisoning attacks and countermeasures in intelligent networks: Status quo and prospects

C. Wang, J. Chen, Y. Yang, X. Ma, J. Liu

Published: 2022

IEEE Trans. Neural Netw. Learn. Syst.

Adversarial examples: Attacks and defenses for deep learning

X. Yuan, P. He, Q. Zhu, X. Li

Published: 2019