
Risk Management Framework for Machine Learning Security

by Jakub Breier, et al.

Adversarial attacks on machine learning models have become a highly studied topic in both academia and industry. These attacks, along with traditional security threats, can compromise the confidentiality, integrity, and availability of an organization's assets that depend on the use of machine learning models. While it is not easy to predict the types of new attacks that might be developed over time, it is possible to evaluate the risks connected to using machine learning models and to design measures that help minimize these risks. In this paper, we outline a novel framework to guide the risk management process for organizations reliant on machine learning models. First, we define sets of evaluation factors (EFs) in the data domain, the model domain, and the security controls domain. We develop a method that takes the asset and task importance, sets the weights of each EF's contribution to confidentiality, integrity, and availability, and, based on the implementation scores of the EFs, determines the overall security state of the organization. Based on this information, it is possible to identify weak links in the implemented security measures and to find out which measures are missing completely. We believe our framework can help address the security issues related to the use of machine learning models in organizations and guide them in focusing on adequate security measures to protect their assets.
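As an added illustration that is not code from the paper, the following Python sketch shows one possible instantiation of the aggregation the abstract describes: EFs in the three domains carry weights for their contribution to confidentiality, integrity and availability, asset/task importance scales those weights, and implementation scores are combined into per-property coverage and an overall state, with missing and weak EFs ranked by the gap they leave. The EF names, weights, scores and the specific gap formula are assumptions for this example, not the authors' definitions.

```python
from dataclasses import dataclass

PROPERTIES = ("confidentiality", "integrity", "availability")

@dataclass
class EvaluationFactor:
    name: str
    domain: str            # "data", "model" or "security controls"
    cia_weights: tuple     # contribution of this EF to (C, I, A), each in [0, 1]
    score: float           # implementation score in [0, 1]; 0.0 = not implemented

# Constructed sample: five EFs across the three domains (assumed, not from the paper).
SAMPLE_FACTORS = [
    EvaluationFactor("training data provenance tracking", "data", (0.2, 0.9, 0.1), 0.8),
    EvaluationFactor("access control on training data", "data", (1.0, 0.6, 0.2), 0.4),
    EvaluationFactor("adversarial robustness testing", "model", (0.1, 1.0, 0.3), 0.0),
    EvaluationFactor("inference rate limiting", "security controls", (0.3, 0.2, 1.0), 0.9),
    EvaluationFactor("model weights encrypted at rest", "security controls", (1.0, 0.3, 0.0), 0.6),
]
# Constructed asset/task importance per property, in [0, 1] (assumed values).
SAMPLE_IMPORTANCE = {"confidentiality": 0.9, "integrity": 1.0, "availability": 0.5}

def security_state(factors, importance, weak_threshold=0.5):
    """Per-property coverage, overall state, and missing/weak EFs ranked by gap."""
    coverage = {}
    for i, prop in enumerate(PROPERTIES):
        total_w = sum(f.cia_weights[i] for f in factors)
        coverage[prop] = (sum(f.cia_weights[i] * f.score for f in factors) / total_w
                          if total_w else 1.0)   # no EF contributes: nothing to cover
    total_imp = sum(importance.values())
    overall = sum(importance[p] * coverage[p] for p in PROPERTIES) / total_imp
    # Gap per EF: its unimplemented fraction, weighted by how much the EF protects
    # the properties the organization cares about. Larger gap = address first.
    gaps = sorted(
        ((1.0 - f.score) * sum(importance[p] * f.cia_weights[i]
                               for i, p in enumerate(PROPERTIES)) / total_imp, f.name)
        for f in factors)
    return {
        "coverage": coverage,
        "overall": overall,
        "missing": [f.name for f in factors if f.score == 0.0],
        "weak": [f.name for f in factors if 0.0 < f.score < weak_threshold],
        "priority": [name for _, name in reversed(gaps)],
    }

if __name__ == "__main__":
    state = security_state(SAMPLE_FACTORS, SAMPLE_IMPORTANCE)
    print(f"overall state {state['overall']:.2f}; coverage {state['coverage']}")
    print("missing:", state["missing"], "weak:", state["weak"], "priority:", state["priority"])
```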
