The process of deploying and maintaining a machine learning application introduces security and ethical challenges not seen in traditional software deployments. In this talk, you will see examples of what can go right, and what can go wrong, in ML/AI deployments, and learn techniques to get ahead of these issues and minimize risk of security incidents during and after deployment.

1. Secure Machine Learning:
Overcoming Algorithmic Bias,
Adversarial ML, and Other
Security Challenges in the Wild
West of AI
Los Angeles, CA, USA | Friday, October 23,
2020
Hunter Carlisle
Senior Machine Learning Engineer | ADP, Inc.

2. On September 30, 2012, the
world changed…

3. …we now live in a futuristic world
where machine learning solutions
are popping up in everything…

4. …so why are security practices
around machine learning still
stuck in the wild west?

5. // CIA Model of Security
- Confidentiality
- Integrity
- Availability

6. Secure machine learning and data
ethics go hand in hand.

7. // Adversarial Machine Learning
- Training Attacks
- Inference Attacks

8. // Training Attacks
- Poisoning the well / red herring attacks
- Primarily affect online learning systems
- Attackers have some control over training

9. // Training Attack Example
@TayandYou:
Twitter chatbot released by
Microsoft on March 23, 2016
Taken down 16 hours after launch.

10. // Potential Solutions
- Offline, batch updating of model weights
- Anomaly detection of model inputs

11. // Inference Attacks
- More generally applicable than training attacks
- Significant real-world consequences
- Challenging to overcome

12. // Inference Attack Example
Using an attack disguised as
graffiti, researchers at the
University of Washington were
able to get computer vision
systems to misclassify STOP signs
as SPEED LIMIT 45 signs.

13. // Potential Solutions
- Adversarial training
- Defensive distillation

14. // Data Privacy
- ML models can encode facts about specific training examples
- Attackers might be able to inspect published model assets
- Future regulatory and compliance changes will impact model
training, deployment, and maintenance

15. // Data Privacy Example
The EU General Data Protection Regulation (GPDR)
allows individuals to request removal of personal
information.
If a model was training on such information, how
can you ensure that it is completely removed from
model weights?

16. // Potential Solutions
- Private Aggregation of Teacher Ensembles (PATE)
- Machine ‘unlearning’: sharding and slicing

17. // Algorithmic Bias
- Inherent biases in data can negatively impact predictions
- Hard to identify and account for during training and validation
- Poses greatest existential threat to widespread adoption of AI/ML

18. // Algorithmic Bias Example
The COMPAS risk and
recidivism assessment
software was shown to
encode racial biases in model
predictions of how likely an
offender is to commit further
crimes.
It is directly used by Judges
during sentencing.
https://www.propublica.org/article/machine-bias-risk-assessments-in-criminal-sentencing

19. // Potential Solutions
- ML Explainability and Interpretation
- Generative Adversarial Networks (GANs)

20. // Software Tools To Help
CleverHans
Adversarial Robustness Toolbox
LIME

21. // Additional Resources
- Machine Learning and Security:
https://learning.oreilly.com/library/view/Machine+Learning+and+Security/9781491979891/
- Introducing MLOps: https://learning.oreilly.com/library/view/introducing-mlops/9781492083283/
- Hands-On Machine Learning with Scikit-Learn, Keras, and Tensorflow:
https://learning.oreilly.com/library/view/hands-on-machine-learning/9781492032632/
- “Machine Learning: The High Interest Credit Card of Technical Debt”:
https://research.google/pubs/pub43146/
- CleverHans Blog: https://cleverhans.io/

22. Thank You!
Questions?
Los Angeles, CA, USA | Friday, October 23,
2020
Hunter Carlisle
Senior Machine Learning Engineer | ADP, Inc.