2. AI Security
Machine Learning, Deep Learning and Computer Vision Security
Cihan Özhan | DeepLab.co | Founder & Autonomous System Developer

3. https://www.linkedin.com/in/cihanozhan/detail/overlay-view/urn:li:fsd_profileTreasuryMedia:(ACoAAAr146cB3A0HPcosYwmX-
LYMZLv1o2zilG8,1605734216934)/ - 128 Pages

4. https://www.linkedin.com/in/cihanozhan/detail/overlay-view/urn:li:fsd_profileTreasuryMedia:(ACoAAAr146cB3A0HPcosYwmX-
LYMZLv1o2zilG8,1605734216934)/ - 47 Pages

5. https://www.linkedin.com/in/cihanozhan/detail/overlay-view/urn:li:fsd_profileTreasuryMedia:(ACoAAAr146cB3A0HPcosYwmX-
LYMZLv1o2zilG8,1605727635360)/ - 92 Pages

7. https://www.linkedin.com/in/cihanozhan/detail/overlay-view/urn:li:fsd_profileTreasuryMedia:(ACoAAAr146cB3A0HPcosYwmX-
LYMZLv1o2zilG8,1605726435879)/ - 59 Pages

8. DeepLab : Teknolojiler
ML/DL/CV Odaklı
• Teknolojiler
– Go, Python, C/C++, Rust, C#
– PyTorch, TensorFlow, Keras, scikit-learn
• Web, Mobile, IoT/Edge ve Back-End olarak…
– OpenCV
– … ve farklı onlarca araç-gereç…
• Cloud Computing
– AWS Machine Learning
– Google Cloud Machine Learning
– IBM Watson Machine Learning
– Microsoft Azure Machine Learning
– … ve farklı birçok Cloud çözüm…
• Distributed Systems
– Distributed Databases
– Distributed Deep Learning

9. Klişe No : 85496477

10. AI Objects
• Image
• Text
• File
• Voice
• Video
• Data
• 3D Object

11. ML/DL Applications
• Image Classification
• Pose Estimation
• Face Recognition
• Face Detection
• Object Detection
• Question Answering System
• Semantic Segmentation
• Text Classification
• Text Recognition
• Sentiment Analysis

12. ML/DL Algorithms
• Classification (Supervised)
• Clustering (Unsupervised)
• Regression (Supervised)
• Generative Models (Semi-Supervised)
• Dimensionality Reduction (Unsupervised)
• Reinforcement Learning (Reinforcement)

13. MLaaS?
Machine Learning as a Service
ML/DL algoritma ve yazılımlarının, bulut bilişim hizmetlerinin bir
bileşeni olarak sunulması modeline denir.
MLaaS = (SaaS + [ML/DL/CV])

14. Hidden Technical Debt in Machine Learning Systems
https://papers.nips.cc/paper/2015/file/86df7dcfd896fcaf2674f757a2463eba-Paper.pdf
Genellikle tüm ekip, odak
ve kaynakların yönlendirildiği alan!

15. Model Lifecycle
Machine Learning Model Development Lifecycle

16. Model Lifecycle
Machine Learning Model Development Lifecycle
Biz buradan başlıyoruz!
ML model hazırlık süreci
Angarya ama mecburi görev:
Veriyi hazırlamak!
Modeli hazırlamışız!
Modeli veri ile eğitiyoruz.
Cloud ya da On-Premise
Eğitilmiş modeli test verisi ile test ettik!
Eğitilen model programsal
ortam için paketlenir.
Yayın sonrası:
Model sürekli izlenir.

17. Machine Learning projesi
Nasıl Yayınlanır?

18. MartinFowler.com

19. MartinFowler.com

20. Machine Learning Security

21. Temel Güvenlik Sorunları
Kasıtlı Hatalar Kasıtsız Hatalar
Perturbation Attack Reward Hacking
Poisoning Attack Side Effects
Model Inversion Distributional Shifts
Membership Inference Natural Adversarial Examples
Model Stealing Common Corruption
Reprogramming ML system Incomplete Testing
Adversarial Example in Pyhsical Domain
Malicious ML provider recovering training data
Attacking the ML supply chain
Backdoor ML
Exploit Software Dependencies

23. Adversarial Attack : Image (https://adversarial.io/)

25. https://openai.com/blog/adversarial-example-research/

26. https://hackernoon.com/adversarial-attacks-how-to-trick-computer-vision-7484c4e85dc0

27. Adversarial Attack : Speech-to-Text (https://people.eecs.berkeley.edu/~daw/papers/audio-dls18.pdf)

28. https://arxiv.org/pdf/2006.03575.pdf

29. Adversarial Attack : NLP
https://arxiv.org/pdf/2005.05909.pdf
https://github.com/QData/TextAttack

31. Adversarial Attack : Remote Sensing (https://arxiv.org/pdf/1805.10997.pdf)

32. Adversarial Attack : Satellite (https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8823003)

33. Adversarial Attack : Military
https://spectrum.ieee.org/automaton/artificial-intelligence/embedded-ai/adversarial-attacks-and-ai-systems

34. Adversarial Attack : Military
https://www.sto.nato.int/publications/STO%20Meeting%20Proceedings/STO-MP-IST-160/MP-IST-160-S1-5.pdf

35. Adversarial Attack : Autonomous Driving
https://web.cs.ucla.edu/~miryung/Publications/percom2020-autonomousdriving.pdf
https://github.com/ITSEG-MQ/Adv-attack-and-defense-on-driving-model

36. Security Research of Tesla Autopilot (40 Pages)
https://keenlab.tencent.com/en/whitepapers/Experimental_Security_Research_of_Tesla_Autopilot.pdf

37. Endüstriyel Yapay Zeka ve Otonom Araçlar - Cihan Özhan
https://www.youtube.com/watch?v=7RS4tLMfoo0

38. https://medium.com/@ml.at.berkeley/tricking-neural-networks-create-your-own-adversarial-examples-a61eb7620fd8

39. Exploit Software Dependencies
• Algoritmaları değil, sistem bağımlı olduğu yazılımların güvenlik
açıklarından faydalanır.
• Önlem:
– Security Scan
– Security Reports
– Dikkat Et : Wrappers ve Pre-Build Environment
– Az Dependency Kullan
– Dependency Management Tools
• Synk : Synk.io
• Python Poetry : python-poetry.org
• Bandit :
– Bandit is a tool designed to find common security issues in Python code.
– https://github.com/PyCQA/bandit
• pyup.io/safety
• requires.io
– vb…

40. Tool/Library Security
(TensorFlow)
• TensorFlow(gibi araçlar) internal iletişim için tasarlanmıştır,
güvensiz(untrusted) ağlarda çalışmak için değil.
• Bu araçlar(ModelServer vb.) built-in yetkilendirmeye sahip değildir.
• Dosyaları okuyup yazabilir, network üzerinden veri alıp gönderebilir…
• (!) TensorFlow Models as Programs
• (!) Running Untrusted Models
• (!) Accepting Untrusted Inputs
https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md

41. https://www.tensorflow.org/tutorials/generative/adversarial_fgsm

42. Cihan Özhan
Bağlantılar
• cihanozhan.com
• linkedin.com/in/cihanozhan
• medium.com/@cihanozhan
• youtube.com/user/OracleAdam
• twitter.com/UnmannedCode
• github.com/cihanozhan
E-Mail
• cihan@deeplab.co