IIC Journal of Innovation 19th Edition The Role of Artificial Intelligence in Industry | Seite 41

Securing the ML Lifecycle
CONTENTS
1 Overview ........................................................................................................................ 38
1.1
Introduction ...................................................................................................................... 38
1.2
Purpose ............................................................................................................................. 38
1.3
Scope ................................................................................................................................ 38
1.4
Audience ........................................................................................................................... 38
1.5
Terms and Definitions ........................................................................................................ 39
2 Motivation : Secure Machine Learning ............................................................................. 39
2.1
Object Recognition in Manufacturing ................................................................................. 39
2.2
Medical Image Classification .............................................................................................. 40
3 The ML Lifecycle .............................................................................................................. 40
3.1
ML Lifecycle ....................................................................................................................... 40
3.2
ML Stakeholders ................................................................................................................ 41
4 Attacking the Machine Learning Lifecycle ........................................................................ 42
4.1
Attacking the Training Data ............................................................................................... 42
4.1.1
Poisoning Attack ................................................................................................................ 42
4.1.2
Countermeasures .............................................................................................................. 43
4.2
Attacking the Training Process ........................................................................................... 43
4.2.1
Observing the Preprocessing ............................................................................................. 44
4.2.2
Poisoning Attack ................................................................................................................ 44
4.2.3
Configuration Stealing Attack ............................................................................................ 44
4.2.4
Countermeasures .............................................................................................................. 44
4.3
Attacking the Deployed Model ........................................................................................... 45
4.3.1
Stealing the Model ............................................................................................................ 45
4.3.2
Evading the Model ............................................................................................................. 45
4.3.3
Unintended Usage ............................................................................................................. 45
4.3.4
Countermeasures .............................................................................................................. 46
4.4
Attacking the Query ........................................................................................................... 46
4.4.1
Query Interception or Modification .................................................................................. 46
4.4.2
Countermeasures .............................................................................................................. 46
4.5
Summary ........................................................................................................................... 46
5 A Secure Machine Learning Cheat Sheet .......................................................................... 47
5.1
Initial ML Security Assessment ........................................................................................... 47
5.2
ML Security Checklist ......................................................................................................... 48
6 Acknowledgements ......................................................................................................... 50
FIGURES
Figure 3-1 : ML Lifecycle , Assets and Stakeholders ...................................................................................... 41 Figure 5-1 : Initial Security Assessment ........................................................................................................ 48
36 March 2022