Book Image

Machine Learning Security Principles

By : John Paul Mueller
Book Image

Machine Learning Security Principles

By: John Paul Mueller

Overview of this book

Businesses are leveraging the power of AI to make undertakings that used to be complicated and pricy much easier, faster, and cheaper. The first part of this book will explore these processes in more depth, which will help you in understanding the role security plays in machine learning. As you progress to the second part, you’ll learn more about the environments where ML is commonly used and dive into the security threats that plague them using code, graphics, and real-world references. The next part of the book will guide you through the process of detecting hacker behaviors in the modern computing environment, where fraud takes many forms in ML, from gaining sales through fake reviews to destroying an adversary’s reputation. Once you’ve understood hacker goals and detection techniques, you’ll learn about the ramifications of deep fakes, followed by mitigation strategies. This book also takes you through best practices for embracing ethical data sourcing, which reduces the security risk associated with data. You’ll see how the simple act of removing personally identifiable information (PII) from a dataset lowers the risk of social engineering attacks. By the end of this machine learning book, you'll have an increased awareness of the various attacks and the techniques to secure your ML systems effectively.
Table of Contents (19 chapters)
Part 1 – Securing a Machine Learning System
Part 2 – Creating a Secure System Using ML
Part 3 – Protecting against ML-Driven Attacks
Part 4 – Performing ML Tasks in an Ethical Manner

Understanding CNNs and implementing GANs

Convolutional neural networks (CNNs) are great for computer vision tasks. For example, you might partly depend on facial recognition techniques to secure your computing devices, buildings, or other infrastructure. By adding facial recognition to names and passwords (or other biometrics), you provide a second level of protection. However, as shown in the Seeing adversarial attacks in action section of Chapter 3, Mitigating Inference Risk by Avoiding Adversarial Machine Learning Attacks, it’s somewhat easy to fool the facial recognition application.

The problem isn’t the facial recognition application but rather the underlying model, which has been trained with good pictures of the various employees. The way around this problem is to create a dataset that contains both real and fake images of the employees so that the CNN learns to recognize the difference. Figure 10.18 shows a potential setup for training purposes.