1. Cihan Özhan
Founder of DeepLab, http://deeplab.co

2. DeepLab : Technologies
ML/DL/CV Based
• Technologies
– Go, Python, C/C++, Rust, C#
– PyTorch, TensorFlow, Keras, scikit-learn
• As Web, Mobile, IoT/Edge ve Back-End…
– OpenCV
– … and dozens of different tools and equipment…
• Cloud Computing
– AWS Machine Learning
– Google Cloud Machine Learning
– IBM Watson Machine Learning
– Microsoft Azure Machine Learning
– … and various cloud solutions…
• Distributed Systems
– Distributed Databases
– Distributed Deep Learning

3. AI Security
Machine Learning, Deep Learning and Computer Vision Security
Cihan Özhan | Founder of DeepLab | Developer, AI Engineer, AI Hacker, Data Master

4. OWASP Top 10 List
OWASP
(Open Web Application Security Project)

6. AI Data Objects
• Image
• Text
• File
• Voice
• Video
• Data
• 3D Object

7. ML/DL Applications
• Image Classification
• Pose Estimation
• Face Recognition
• Face Detection
• Object Detection
• Question Answering System
• Semantic Segmentation
• Text Classification
• Text Recognition
• Sentiment Analysis
• Industrial AI
• Autonomous Systems
• and more…

8. ML/DL Algorithms
• Classification (Supervised)
• Clustering (Unsupervised)
• Regression (Supervised)
• Generative Models (Semi-Supervised)
• Dimensionality Reduction (Unsupervised)
• Reinforcement Learning (Reinforcement)

9. MLaaS?
Machine Learning as a Service
MLaaS is the method in which ML/DL algorithms and software
are offered as a component of cloud computing services.
MLaaS = (SaaS + [ML/DL/CV])

10. Hidden Technical Debt in Machine Learning Systems
https://papers.nips.cc/paper/2015/file/86df7dcfd896fcaf2674f757a2463eba-Paper.pdf
Usually the whole team, focus and
area where resources are directed!

11. Model Lifecycle
Machine Learning Model Development Lifecycle

12. Model Lifecycle
Machine Learning Model Development Lifecycle
We start here!
ML model preparation process
The chore but the imperative:
Preparing the data!
We prepared the model!
We train the model with data.
Cloud or On-Premise
We tested the trained model with test data!
The trained model is packaged
for the programmatic
environment.
Post release:
The model is
constantly monitored.

13. How to Publish a Machine Learning
project?

14. MartinFowler.com

15. MartinFowler.com

16. Machine Learning Security

17. Basic Security Issues
Intentional Issues Unintentional Issues
Perturbation Attack Reward Hacking
Poisoning Attack Side Effects
Model Inversion Distributional Shifts
Membership Inference Natural Adversarial Examples
Model Stealing Common Corruption
Reprogramming ML system Incomplete Testing
Adversarial Example in Pyhsical Domain
Malicious ML provider recovering training data
Attacking the ML supply chain
Backdoor ML
Exploit Software Dependencies

19. Adversarial Attack : Image (https://adversarial.io/)

21. https://openai.com/blog/adversarial-example-research/

22. https://hackernoon.com/adversarial-attacks-how-to-trick-computer-vision-7484c4e85dc0

23. Adversarial Attack : Speech-to-Text (https://people.eecs.berkeley.edu/~daw/papers/audio-dls18.pdf)

24. https://arxiv.org/pdf/2006.03575.pdf

25. Adversarial Attack : NLP
https://arxiv.org/pdf/2005.05909.pdf
https://github.com/QData/TextAttack

27. Adversarial Attack : Remote Sensing (https://arxiv.org/pdf/1805.10997.pdf)

28. Adversarial Attack : Satellite (https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8823003)

29. Adversarial Attack : Military
https://spectrum.ieee.org/automaton/artificial-intelligence/embedded-ai/adversarial-attacks-and-ai-systems

30. Adversarial Attack : Military
https://www.sto.nato.int/publications/STO%20Meeting%20Proceedings/STO-MP-IST-160/MP-IST-160-S1-5.pdf

31. Adversarial Attack : Autonomous Driving
https://web.cs.ucla.edu/~miryung/Publications/percom2020-autonomousdriving.pdf
https://github.com/ITSEG-MQ/Adv-attack-and-defense-on-driving-model

32. Security Research of Tesla Autopilot (40 Pages)
https://keenlab.tencent.com/en/whitepapers/Experimental_Security_Research_of_Tesla_Autopilot.pdf

33. Industrial AI and Autonomous Systems - Cihan Özhan (Turkish)
https://www.youtube.com/watch?v=ID_tw5iq6Xs

34. https://medium.com/@ml.at.berkeley/tricking-neural-networks-create-your-own-adversarial-examples-a61eb7620fd8

35. Exploit Software Dependencies
• It takes advantage of the vulnerabilities of the software the system is
connected to, not algorithms.
• Prevention:
– Security Scan
– Security Reports
– Be Careful : Wrappers ve Pre-Build Environment
– Use Less Dependency
– Dependency Management Tools
• Synk : Synk.io
• Python Poetry : python-poetry.org
• Bandit :
– Bandit is a tool designed to find common security issues in Python code.
– https://github.com/PyCQA/bandit
• pyup.io/safety
• requires.io
– etc…

36. Tool/Library Security
(TensorFlow)
• TensorFlow (tools like) is designed for internal communication, not for
running on untrusted networks.
• These tools (ModelServer etc.) do not have built-in authorization.
• It can read and write files, send and receive data over the network…
• (!) TensorFlow Models as Programs
• (!) Running Untrusted Models
• (!) Accepting Untrusted Inputs
https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md

37. https://www.tensorflow.org/tutorials/generative/adversarial_fgsm

38. Cihan Özhan
Links
• cihanozhan.com
• linkedin.com/in/cihanozhan
• medium.com/@cihanozhan
• youtube.com/user/OracleAdam
• twitter.com/UnmannedCode
• github.com/cihanozhan
Contact
• cihan@deeplab.co