The process of deploying and maintaining a machine learning application introduces security and ethical challenges not seen in traditional software deployments.
In this talk, you will see examples of what can go right, and what can go wrong, in ML/AI deployments, and learn techniques to get ahead of these issues and minimize the risk of security incidents during and after deployment.
1. Secure Machine Learning: Overcoming Algorithmic Bias, Adversarial ML, and Other Security Challenges in the Wild West of AI
Los Angeles, CA, USA | Friday, October 23, 2020
Hunter Carlisle
Senior Machine Learning Engineer | ADP, Inc.
8. // Training Attacks
- Poisoning the well / red herring attacks
- Primarily affect online learning systems
- Attackers have some degree of control over the training data
9. // Training Attack Example
@TayandYou: Twitter chatbot released by Microsoft on March 23, 2016.
Users fed the bot abusive content, which its online learning loop incorporated into its own replies.
Taken down 16 hours after launch.
10. // Potential Solutions
- Offline, batch updating of model weights
- Anomaly detection of model inputs (see the sketch below)
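One way to apply the second bullet is to screen candidate training examples with an outlier detector before they ever reach an offline retraining job. The following is a minimal sketch using scikit-learn's IsolationForest; the placeholder feature arrays, batch shapes, and contamination rate are illustrative assumptions, not details from the talk.

import numpy as np
from sklearn.ensemble import IsolationForest

# Fit the detector on data we already trust (e.g., the current training set).
trusted_X = np.random.RandomState(0).normal(size=(1000, 8))  # placeholder features
detector = IsolationForest(contamination=0.01, random_state=0).fit(trusted_X)

def filter_candidate_batch(candidate_X):
    """Keep only candidates the detector scores as inliers (+1); hold the
    rest out for human review instead of feeding them straight into the
    next batch update of model weights."""
    labels = detector.predict(candidate_X)  # +1 = inlier, -1 = outlier
    return candidate_X[labels == 1], candidate_X[labels == -1]

# Example: a new batch of user-submitted examples, a few of them far off-distribution.
new_batch = np.vstack([
    np.random.RandomState(1).normal(size=(50, 8)),
    np.random.RandomState(2).normal(loc=8.0, size=(5, 8)),
])
kept, flagged = filter_candidate_batch(new_batch)
print(f"kept {len(kept)} examples, flagged {len(flagged)} for review")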
11. // Inference Attacks
- More generally applicable than training attacks
- Significant real-world consequences
- Challenging to overcome
12. // Inference Attack Example
Using an attack disguised as graffiti, researchers at the University of Washington were able to get computer vision systems to misclassify STOP signs as SPEED LIMIT 45 signs.
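The graffiti attack works by crafting perturbations that exploit the model's gradients at inference time. As a rough illustration of that underlying idea (not the researchers' actual method), here is a minimal Fast Gradient Sign Method sketch in TensorFlow; the model, labels, and epsilon are placeholder assumptions, and a softmax-output Keras image classifier is assumed.

import tensorflow as tf

def fgsm_attack(model, x, y_true, eps=0.03):
    """Fast Gradient Sign Method: move each pixel a small step in the
    direction that most increases the loss, so the image looks nearly
    unchanged to a human while the classifier's prediction can flip."""
    x = tf.convert_to_tensor(x, dtype=tf.float32)
    with tf.GradientTape() as tape:
        tape.watch(x)
        preds = model(x)  # assumes the model outputs class probabilities
        loss = tf.keras.losses.sparse_categorical_crossentropy(y_true, preds)
    grad = tape.gradient(loss, x)
    x_adv = x + eps * tf.sign(grad)
    return tf.clip_by_value(x_adv, 0.0, 1.0)  # keep pixels in a valid range

# Usage (with a hypothetical compiled Keras image classifier):
# x_adv = fgsm_attack(model, images, labels)
# model.predict(x_adv)  # often misclassified despite tiny pixel changes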
14. // Data Privacy
- ML models can encode facts about specific training examples
- Attackers might be able to inspect published model assets
- Future regulatory and compliance changes will impact model training, deployment, and maintenance
15. // Data Privacy Example
The EU General Data Protection Regulation (GDPR) allows individuals to request removal of their personal information.
If a model was trained on such information, how can you ensure that it is completely removed from the model weights?
16. // Potential Solutions
- Private Aggregation of Teacher Ensembles (PATE)
- Machine ‘unlearning’: sharding and slicing (see the sketch below)
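The sharding idea behind machine ‘unlearning’ (as in the SISA approach) is that if each member of an ensemble only ever sees one shard of the training data, honoring a GDPR-style deletion request means retraining just that shard's model rather than the whole system. A minimal sketch with scikit-learn follows; the shard count, model choice, and synthetic dataset are illustrative assumptions.

import numpy as np
from sklearn.datasets import make_classification
from sklearn.linear_model import LogisticRegression

N_SHARDS = 4
X, y = make_classification(n_samples=2000, n_features=10, random_state=0)

# Assign every training example to exactly one shard and train one model per shard.
shard_ids = np.arange(len(X)) % N_SHARDS
models = [
    LogisticRegression(max_iter=1000).fit(X[shard_ids == s], y[shard_ids == s])
    for s in range(N_SHARDS)
]

def predict(x_row):
    """Aggregate the shard models by majority vote."""
    votes = [int(m.predict(x_row.reshape(1, -1))[0]) for m in models]
    return np.bincount(votes).argmax()

def unlearn(example_idx):
    """Honor a deletion request: drop the example and retrain only its shard."""
    s = shard_ids[example_idx]
    keep = (shard_ids == s) & (np.arange(len(X)) != example_idx)
    models[s] = LogisticRegression(max_iter=1000).fit(X[keep], y[keep])

unlearn(42)           # only shard 42 % 4 is retrained; the other models are untouched
print(predict(X[0]))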
17. // Algorithmic Bias
- Inherent biases in data can negatively impact predictions
- Hard to identify and account for during training and validation
- Poses the greatest existential threat to the widespread adoption of AI/ML
18. // Algorithmic Bias Example
The COMPAS risk and recidivism assessment software was shown to encode racial biases in its predictions of how likely an offender is to commit further crimes.
It is used directly by judges during sentencing.
https://www.propublica.org/article/machine-bias-risk-assessments-in-criminal-sentencing
19. // Potential Solutions
- ML Explainability and Interpretation (a LIME sketch follows below)
- Generative Adversarial Networks (GANs)
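To make the explainability bullet concrete, here is a minimal sketch using LIME (listed on the tools slide that follows) to show which features drive an individual prediction, which is one way to spot a model leaning on attributes it should not. The dataset and model here are placeholder assumptions, not the COMPAS data.

from sklearn.datasets import load_breast_cancer
from sklearn.ensemble import RandomForestClassifier
from lime.lime_tabular import LimeTabularExplainer

# Placeholder tabular model and data; substitute your own classifier.
data = load_breast_cancer()
model = RandomForestClassifier(random_state=0).fit(data.data, data.target)

explainer = LimeTabularExplainer(
    training_data=data.data,
    feature_names=list(data.feature_names),
    class_names=list(data.target_names),
    mode="classification",
)

# Explain a single prediction: which features pushed it toward each class?
explanation = explainer.explain_instance(data.data[0], model.predict_proba, num_features=5)
for feature, weight in explanation.as_list():
    print(f"{feature:40s} {weight:+.3f}")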
20. // Software Tools To Help
- CleverHans (adversarial example generation and robustness benchmarking)
- Adversarial Robustness Toolbox (ART)
- LIME (Local Interpretable Model-agnostic Explanations)
21. // Additional Resources
- Machine Learning and Security:
https://learning.oreilly.com/library/view/Machine+Learning+and+Security/9781491979891/
- Introducing MLOps: https://learning.oreilly.com/library/view/introducing-mlops/9781492083283/
- Hands-On Machine Learning with Scikit-Learn, Keras, and Tensorflow:
https://learning.oreilly.com/library/view/hands-on-machine-learning/9781492032632/
- “Machine Learning: The High Interest Credit Card of Technical Debt”:
https://research.google/pubs/pub43146/
- CleverHans Blog: https://cleverhans.io/