Safety and machine learning

This article details the main security risks associated with machine learning, provides an overview of the techniques commonly used to prevent these risks and explains the usefulness of machine learning in the fight against cybercrime. 


The process of creating Machine Learning (ML) applications is a challenge for cybersecurity experts. Artificial intelligence is indeed vulnerable at all stages of its development.


Educating your machine could give you a hard time... The debate remains open as to whether a machine can be equipped with a true critical mind and free will, but it is crucial to provide a framework for its learning. Paradoxically, ML is also becoming a major weapon against cybercrime.


A quick reminder: what is Machine Learning?

Machine learning is a form of artificial intelligence based on the principle that the machine learns by itself. Its results are refined as it accumulates data. The objective is for the machine to then provide an appropriate response to a situation described as complex.

Unlike Artificial Intelligence (AI), machine learning is not intended to develop reasoning similar to human reasoning. The machine learns by processing data with significant computing capacity.

Machine learning, a target for cybercrime

Technologies such as artificial intelligence and machine learning are subject to "classic" attacks just like any other computer system.

According to Accenture's latest report, "The Cost of Cybercrime", the most damaging categories of attacks in financial terms are:

  • Attacks caused by malware
  • Attacks originating directly from the Internet
  • Denial of Service

Besides these traditional attack techniques, other types of attacks target AI and ML in particular. The consulting firm Wavestone published a very comprehensive study on the subject in 2019. The study classifies machine-learning-specific attacks into three categories:

  • Poisoning: Poisoning occurs during the learning phase. The idea is to poison the machine with erroneous or biased data. The algorithm will therefore carry out its reasoning and predictions based on altered or incomplete data. Imagine studying the history of art by analyzing only the paintings of the Flemish masters: the chances that you will then recognize a Mondrian as a masterpiece are low.
  • Inference: Inference aims at recovering the data the model was trained on, or at stealing the model itself or some of its parameters. It involves sending a large number of queries to the deployed model in order to work out how it operates.
  • Evasion: Evasion is the counterpart of poisoning but occurs when the application is already running. The idea is to blur the tracks and send false or corrupted data to the algorithm so that it makes bad decisions; such inputs are known as "adversarial examples". Imagine an algorithm that identifies works of art. A few colors or pixels of the artwork are slightly modified before the image is submitted to the AI, which prevents it from recognizing the work.
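The two checks below illustrate what a defender can do about the first two categories: a robust consistency check on a training batch (poisoned or mislabelled rows tend to sit far from the rest of their class) and a per-client query budget (an inference attack shows up as an unusually dense query stream against the deployed model). This is an added example, not code from the article, from Wavestone or from Ryax; the data set, the client identifiers and the thresholds are constructed for illustration.

```python
"""Two defensive checks for ML-specific attacks: a training-set consistency
check (poisoning) and a per-client query budget (inference / model theft).
Added example; all data below is constructed."""
from collections import defaultdict
from statistics import median

# Constructed training set: (features, label). Two well-separated classes
# plus two deliberately mislabelled rows standing in for poisoned data.
TRAINING_SET = [
    ((1.0, 1.1), "A"), ((0.9, 1.0), "A"), ((1.2, 0.8), "A"), ((1.1, 1.2), "A"),
    ((5.0, 5.1), "B"), ((4.8, 5.2), "B"), ((5.1, 4.9), "B"), ((5.2, 5.0), "B"),
    ((5.0, 5.0), "A"),   # poisoned: a B-like point labelled A
    ((1.0, 1.0), "B"),   # poisoned: an A-like point labelled B
]

# Constructed query log: (timestamp in seconds, client id). One routine client
# and one hypothetical API key hammering the model with 150 queries in 30 s.
QUERY_LOG = [(i * 60.0, "app-frontend") for i in range(5)] + \
            [(i * 0.2, "key-7f3a") for i in range(150)]


def flag_label_outliers(dataset, threshold=3.5):
    """Return indices of samples whose features are far from the rest of their
    own label. Uses the modified z-score (median and median absolute deviation),
    which, unlike mean/std, is not dragged towards the outliers it should find.
    Many such rows in a freshly ingested batch are a poisoning signal."""
    by_label = defaultdict(list)
    for idx, (features, label) in enumerate(dataset):
        by_label[label].append((idx, features))
    flagged = []
    for rows in by_label.values():
        n_features = len(rows[0][1])
        cols = [[f[i] for _, f in rows] for i in range(n_features)]
        centre = [median(c) for c in cols]
        # MAD per feature; a zero MAD (identical values) is replaced by a tiny
        # constant so that any deviation at all is reported.
        mad = [median(abs(v - centre[i]) for v in c) or 1e-9
               for i, c in enumerate(cols)]
        for idx, features in rows:
            score = max(0.6745 * abs(features[i] - centre[i]) / mad[i]
                        for i in range(n_features))
            if score > threshold:
                flagged.append(idx)
    return sorted(flagged)


def flag_query_abuse(query_log, window_seconds=60.0, budget=100):
    """Return the set of client ids that issued more than `budget` queries
    inside any sliding window of `window_seconds`."""
    per_client = defaultdict(list)
    for ts, client in query_log:
        per_client[client].append(ts)
    offenders = set()
    for client, stamps in per_client.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it covers only recent queries.
            while ts - stamps[start] >= window_seconds:
                start += 1
            if end - start + 1 > budget:
                offenders.add(client)
                break
    return offenders


if __name__ == "__main__":
    print("suspicious training rows:", flag_label_outliers(TRAINING_SET))
    print("clients over query budget:", flag_query_abuse(QUERY_LOG))
```

The consistency check is a screening step, not proof of an attack: a flagged row may simply be a labelling mistake, and a careful poisoner can keep each row close to its class. It is most useful when run on every new batch before retraining, with the flagged rows reviewed by a human. The query budget, likewise, only makes the attack visible; throttling or requiring authentication for bulk access is the mitigation.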


Beyond these three broad categories, there are several other types of attacks, sophisticated or not. It should be noted that ML algorithms, and artificial intelligence in general, are a target of choice for hackers because they are vulnerable at several stages of their life cycle.


Machine learning, a weapon against cybercrime

According to Accenture, less than 40% of companies use artificial intelligence and machine learning for IT security. This figure is expected to grow in the future, as the use of these techniques provides substantial cost savings and increases the level of protection.


One of the leading industries in this field is the financial sector. It is also one of the sectors most targeted by attacks. ML is used in particular to detect fraud. The algorithm is trained to identify user behavior deemed abnormal or suspicious activity. The idea is to define a baseline of typical behavior and to report deviations from it.


A basic example is the detection of logins from locations considered potentially suspicious.
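The baseline-and-deviation idea described above, applied to login events, as an added example that is not part of the original article and not Ryax's own code: each user's usual countries and hours of day are learned from past logins, and new logins are reported when they come from an unseen country, at an unusual hour, or from a different country shortly after the previous login. The users, countries, timestamps and the two-hour travel window are constructed for illustration.

```python
"""Learn per-user login baselines (countries, hours of day) from history and
report new logins that deviate. Added example; all events are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login history: (user, country, ISO-8601 timestamp, UTC).
HISTORY = [
    ("alice", "FR", "2020-12-01T08:12:00"), ("alice", "FR", "2020-12-02T09:30:00"),
    ("alice", "FR", "2020-12-03T10:05:00"), ("alice", "FR", "2020-12-04T14:20:00"),
    ("alice", "FR", "2020-12-07T17:45:00"),
    ("bob",   "DE", "2020-12-01T09:00:00"), ("bob",   "DE", "2020-12-02T11:15:00"),
    ("bob",   "DE", "2020-12-03T16:40:00"),
]

# Constructed new logins to score against the baseline, in time order.
NEW_EVENTS = [
    ("alice", "FR", "2020-12-10T09:05:00"),  # routine
    ("bob",   "DE", "2020-12-10T10:30:00"),  # routine (adjacent to a usual hour)
    ("alice", "BR", "2020-12-11T03:40:00"),  # unseen country, odd hour
    ("alice", "FR", "2020-12-11T04:20:00"),  # back in FR forty minutes later
    ("bob",   "DE", "2020-12-11T22:10:00"),  # usual country, unusual hour
]


def build_baseline(history):
    """Per user: the set of countries and the set of hours of day seen so far."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set()})
    for user, country, ts in history:
        baseline[user]["countries"].add(country)
        baseline[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(baseline)


def detect_anomalies(baseline, events, travel_window=timedelta(hours=2)):
    """Return [(user, ts, [reasons])] for events that deviate from the baseline.

    Reasons: new_country (country never seen for this user), unusual_hour (hour
    not within one hour of any hour seen for this user), rapid_country_change
    (different country than the user's previous login, less than travel_window
    apart). A user absent from the baseline is treated as having no history."""
    last_seen = {}  # user -> (country, datetime) of the previous event
    findings = []
    for user, country, ts in events:
        when = datetime.fromisoformat(ts)
        profile = baseline.get(user, {"countries": set(), "hours": set()})
        reasons = []
        if country not in profile["countries"]:
            reasons.append("new_country")
        usual = profile["hours"]
        if not any((when.hour + d) % 24 in usual for d in (-1, 0, 1)):
            reasons.append("unusual_hour")
        prev = last_seen.get(user)
        if prev and prev[0] != country and when - prev[1] < travel_window:
            reasons.append("rapid_country_change")
        last_seen[user] = (country, when)
        if reasons:
            findings.append((user, ts, reasons))
    return findings


if __name__ == "__main__":
    for finding in detect_anomalies(build_baseline(HISTORY), NEW_EVENTS):
        print(finding)
```

Note that the baseline is only as trustworthy as the history it is built from: this is exactly where the poisoning attacks described earlier apply, so the history fed to such a detector should itself come from a source an attacker cannot write to, and flagged logins should drive a second factor or an analyst review rather than an automatic block.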


Unfortunately, cybercriminals also use AI and ML. Their techniques are becoming increasingly sophisticated and rely on powerful and scalable algorithms to penetrate computer defenses. Attack and defense techniques are becoming so complex that it is difficult to guarantee that any computer system is impenetrable. What used to be science fiction, a machine-to-machine war, is now part of the daily reality of many companies.

Securing machine learning, where to start?

As you will have understood, there are many vulnerabilities when it comes to machine learning. Securing ML must be done on two axes:

  • Consider all the steps or stages of the ML life cycle
  • Consider the diversity of possible attacks

Concerning the second axis, the European Agency for Cybersecurity, ENISA, published in mid-December 2020 an extensive report on the challenges associated with the security of machine learning and artificial intelligence in general. This document, entitled "AI Cybersecurity Challenges", proposes in particular a detailed mapping of the threats that may arise during the life cycle of an AI.

A cybersecurity strategy cannot be improvised. Keeping your models confidential is a first step, but it is only a beginning when it comes to ensuring the integrity of your ML algorithm. One of the most common ways to identify weaknesses is to simulate attacks. Another option is to commission a specific audit.

Still, cybersecurity is too often underestimated, whereas these constraints should be part of the equation from the moment a Machine Learning model is designed. While human validation is still the norm for many major decisions, let's not forget that artificial intelligence will become more and more autonomous in the years to come. This is already starting with self-driving cars and many other everyday objects. It would seem unwise to put our trust in a machine that is subject to all sorts of manipulations.

At Ryax, we are aware of the challenges associated with securing artificial intelligence and machine learning. We make every effort to provide a platform where your data is anonymized and secure. Do not hesitate to contact one of our specialists to discuss this.

The Ryax Team.