Take threats against machine learning systems seriously, security firm warns

A new white paper from NCC Group details the myriad security threats associated with machine learning models.

Organizations are increasingly using machine learning (ML) models in their applications and services without considering the security requirements they entail, a new study by security consultancy NCC Group shows.

Due to the unique ways that machine learning systems are developed and deployed, they introduce new threat vectors that developers are often unaware of, the study finds, adding that many of the old and known threats also apply to ML systems.

Uptick in use of machine learning

“We’ve seen a steady uptick since around 2015 in our customers deploying ML systems, and although there was a sizeable body of academic literature, there wasn’t much practical discussion of ML-specific security issues around back then,” Chris Anley, chief scientist at NCC Group and author of the study, told The Daily Swig.

Initially, Anley saw machine learning being deployed in very niche applications. But today, ML models are increasingly used in more general web areas, such as content recommendation or workflow optimization.

“We are now seeing chatbots used for customer support and other text-based applications like sentiment analysis and text classification becoming fairly popular – with all of the privacy and security implications that you’d expect,” said Anley.

Wide range of threats

One notable study in the field, Practical Attacks on Machine Learning Systems, provides an overarching view of the ML threat landscape in real-world applications.

It details some of the threats that are specific to machine learning models and their training and deployment pipeline:

  • Adversarial attacks: Input data is modified with human-imperceptible noise to change the behavior of the ML model.
  • Data poisoning and backdoor attacks: The training dataset is compromised and modified to make the trained ML model sensitive to specific triggers.
  • Membership inference attacks: Querying the ML model to determine whether a specific data point was used in its training set.
  • Model inversion attacks: Querying ML models to recreate their training data in part or whole.

While these kinds of threats have been thoroughly studied and documented by academic researchers, the NCC researchers focused on recreating them in practical settings where ML models were deployed in real-world applications such as user identity verification, healthcare systems, and image classification software.

Their findings show that carrying out attacks against ML systems in the real world is practically feasible.

“I think that it is fairly startling that there are dozens of papers describing exactly how those attacks work,” Anley said. “We’ve replicated a few of the results in those papers in ‘demo’ form, and we’ve successfully conducted simulated attacks on similar lines with customers. Although these privacy attacks aren’t as straightforward as, say, SQL injection-driven data breach[es], they’re certainly practical.”

The study also shows that ML systems are often vulnerable to malicious payloads embedded in machine learning models, vulnerabilities in the source code of machine learning libraries, security holes in machine learning pipelines, SQL injection attacks against web-hosted ML systems, and supply chain attacks against the dependencies used in machine learning software.

Complex data security landscape

“Data breaches are always a concern, and there are some fundamental aspects of ML that change the privacy risks,” Anley said.

First, ML systems perform better as the volume of data on which they are trained increases, so organizations potentially have to handle large volumes of sensitive information.

Second, trained models don’t have role-based access control – all training data is aggregated into the same model.

And third, experiments are a crucial part of ML development, so it’s important for large volumes of data to be accessible to developers.

“Securing ML systems can be difficult because of these issues, especially if the application handles sensitive data,” Anley said. “Developers often now have access to extremely powerful credentials, so it’s important to carefully consider who needs to do what, and restrict where you can, without impeding the business.”

ML threats on the web

The emerging threats of ML systems have direct consequences for the web ecosystem, Anley warns.

“I think the main concern that’s emerging from the literature is that it’s possible to extract training data from a trained model, even when hosted on the web, behind an API server, and even under some fairly stringent conditions,” he said.

Various studies, including some that Anley and his colleagues reproduced in their research, show that information extraction attacks are feasible against ML systems that output only class labels, which is the way many web-hosted ML services work.

Of special concern are pre-trained ML models served on the web, which have become very popular in recent years. Developers who lack the skills or resources to train their own ML models can download pre-trained models from one of several web platforms and directly integrate them into their applications.

But pre-trained models can become the source of the threats and attacks that Anley discusses in his paper.

“Trained models themselves can often contain code, so they should also be carefully handled,” he explained. “Since training models is expensive, we’ve seen the emergence of ‘model zoos’, where pre-trained models are available. These obviously need to be handled with the same controls you’d apply to code.”

Secure development takeaways

We are still learning how to cope with the emerging threats posed by ML-powered applications. But in the meantime, Anley had some key recommendations to share with web developers who are jumping on the ML bandwagon:

  • “If your model is trained on sensitive data, consider refactoring your application so that you don’t need to train on sensitive data.”
  • “If you absolutely have to train on sensitive data, consider differential privacy techniques, anonymization or tokenization of the sensitive data.”
  • “Apply the same supply chain controls to external models, that you would to external code.”
  • “Carefully curate your training data and apply controls to ensure that it can’t be maliciously modified.”
  • “Authenticate, rate limit, and audit access to models. If your model makes sensitive decisions that could be affected by adversarial perturbation, consider taking advice around implementing a training method to make the model more resistant to these attacks.”
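
The points above that trained models "can often contain code" and that external models need the same supply chain controls as external code can be checked before a model file is ever loaded. The sketch below is an added example, not code from NCC Group's paper: it assumes the model is serialized with Python's pickle (a format the article does not name), and the allowlist and sample byte strings are constructed for illustration. It lists every import a pickle stream would resolve, without unpickling it, and rejects anything outside the allowlist.

```python
import pickle
import pickletools
from collections import OrderedDict

# Imports the loader may resolve. Assumption for this example: a real
# allowlist is derived from the framework you actually load models with.
ALLOWED = {("collections", "OrderedDict")}

_STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> list:
    """Return (module, name) pairs the pickle would import, without loading it."""
    found = []
    history = []  # (opcode name, arg) for every opcode except MEMOIZE
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # Older protocols carry "module name" directly in the opcode.
            module, _, name = arg.partition(" ")
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+ pushes module and name as two strings first.
            prev = history[-2:]
            if len(prev) == 2 and all(op in _STRING_OPS for op, _ in prev):
                found.append((prev[0][1], prev[1][1]))
            else:
                # Names came from the memo or were computed: cannot vouch for them.
                found.append(("<unresolved>", "<unresolved>"))
        if opcode.name != "MEMOIZE":
            history.append((opcode.name, arg))
    return found


def violations(data: bytes) -> list:
    """Imports that are not on the allowlist."""
    return [g for g in referenced_globals(data) if g not in ALLOWED]


def is_loadable(data: bytes) -> bool:
    """True only if the stream parses cleanly and imports nothing unexpected."""
    try:
        return not violations(data)
    except ValueError:  # malformed or truncated stream
        return False


# Constructed samples (not real model files).
CLEAN = pickle.dumps({"weights": [0.1, 0.2], "bias": 0.0}, protocol=4)
ALLOWED_ONLY = pickle.dumps(OrderedDict(layer1=[0.5]), protocol=4)
# Hand-written protocol 0 stream that asks the loader to import and call
# os.getcwd, a harmless stand-in for "code inside a model file".
SUSPECT = b"cos\ngetcwd\n(tR."

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("allowed", ALLOWED_ONLY), ("suspect", SUSPECT)):
        print(label, is_loadable(blob), violations(blob))
```

A check like this complements, rather than replaces, pinning the digest of each external model and preferring serialization formats that carry only tensor data.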

