
Securing Machine Learning Models

raghothams
November 24, 2020


ML models are popping up everywhere around us, be it e-commerce, networks or healthcare. We have gone from running these models on a local machine to industrializing them and scaling them to serve millions of users. However, very few people realize how easy or hard these models are to hack and replicate using various black-box and white-box methodologies.

We walk you through the important security aspects to keep in mind while deploying machine learning models on cloud, edge or on-premise, and showcase countermeasures to defend against these attacks.

We will take the standard security expert's approach of:
1. Awareness
2. Applicability
3. Countermeasures

The talk will mainly focus on attacks such as:
1. Model extraction - How can an adversary replicate your model?
2. Model evasion / adversarial attacks - How can an adversary corrupt your model?
3. Model watermarking - How can one prove ownership of a model?


Transcript

  19. Table: Precision, Recall, F-score for Original model vs. Proxy model
  20. Table: Precision, Recall, F-score for Original model vs. Proxy model. Model extraction: unsuccessful
  21. Table: Precision, Recall, F-score for Original model vs. Proxy model
  22. Table: Precision, Recall, F-score for Original model vs. Proxy model. Model extraction: unsuccessful
  36. Model evasion attack process
      - Step 1: Direction sensitivity estimation. The adversary evaluates the sensitivity of a class change to each input feature by identifying directions in the data manifold around sample X in which the model F learned by the DNN is most sensitive and likely to result in a class change.
      - Step 2: Perturbation selection. The adversary then exploits the knowledge of sensitive information to select a perturbation δX among the input dimensions in order to obtain an adversarial perturbation which is most efficient.
  50. Table: Avg precision, Avg recall, Avg F-score, Performance drop for Original model, ZOO attack, HopSkipJump attack
  51. Table: Avg precision, Avg recall, Avg F-score, Performance drop for Original model, ZOO attack, HopSkipJump attack. Model evasion: successful
  52. Table: Weighted F-score, Accuracy for Original model, FGSM attack, FGSM attack + Defence (total variance minimization transformation)
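The defence named on slide 52 is an input transformation applied before inference, not a change to the model. As an added example (not code from the talk), here is a plain subgradient-descent implementation of it for a small grayscale image; the slide calls it total variance minimization, the usual name is total variation minimization. The image, the checkerboard perturbation and the lam/steps/lr values are constructed for this demonstration.

```python
# Added example (not the talk's code): total variation minimization (TVM) as
# the input-sanitizing defence slide 52 lists against FGSM. For an input x
# (grayscale image as nested lists, values in [0, 1]) it finds z minimising
#     0.5 * sum((z - x)^2) + lam * TV(z)
# by projected subgradient descent, where TV(z) sums |differences| between
# adjacent pixels. Small high-frequency perturbations (an FGSM-style +/-eps
# sign pattern) get flattened while large structure such as an edge survives.

NEIGHBOURS = ((-1, 0), (1, 0), (0, -1), (0, 1))

def total_variation(img):
    """Anisotropic TV: sum of absolute vertical and horizontal differences."""
    h, w = len(img), len(img[0])
    tv = 0.0
    for i in range(h):
        for j in range(w):
            if i > 0:
                tv += abs(img[i][j] - img[i - 1][j])
            if j > 0:
                tv += abs(img[i][j] - img[i][j - 1])
    return tv

def _sign(v):
    return (v > 0) - (v < 0)

def tv_minimize(img, lam=0.02, steps=400, lr=0.05):
    """Return the TVM-transformed copy of img (parameter values are assumptions)."""
    h, w = len(img), len(img[0])
    z = [row[:] for row in img]
    for _ in range(steps):
        grad = [[0.0] * w for _ in range(h)]
        for i in range(h):
            for j in range(w):
                g = z[i][j] - img[i][j]  # data-fidelity term keeps z near x
                for di, dj in NEIGHBOURS:  # subgradient of lam * TV(z)
                    ni, nj = i + di, j + dj
                    if 0 <= ni < h and 0 <= nj < w:
                        g += lam * _sign(z[i][j] - z[ni][nj])
                grad[i][j] = g
        for i in range(h):
            for j in range(w):  # gradient step, projected back onto [0, 1]
                z[i][j] = min(1.0, max(0.0, z[i][j] - lr * grad[i][j]))
    return z

# Constructed sample: 8x8 image with a vertical edge (0.2 | 0.8) plus an
# FGSM-like +/-0.05 checkerboard perturbation, then the defended version.
CLEAN = [[0.2 if j < 4 else 0.8 for j in range(8)] for _ in range(8)]
PERTURBED = [[CLEAN[i][j] + (0.05 if (i + j) % 2 == 0 else -0.05)
              for j in range(8)] for i in range(8)]
DEFENDED = tv_minimize(PERTURBED)
```

The transformed image keeps the 0.2 | 0.8 edge (slightly shrunk by the TV penalty) while the checkerboard perturbation is almost entirely removed, which is why the slide pairs the transformation with a recovered F-score.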