Failure Modes in Machine Learning Systems

TL;DR

This paper introduces a comprehensive framework to classify and understand different failure modes in machine learning systems, emphasizing the distinction between intentional adversarial attacks and unintentional unsafe outcomes, to aid diverse stakeholders.

Contribution

It develops a taxonomy of ML failure modes, validated through collaboration with industry and policy stakeholders, to improve communication and understanding across disciplines.

Findings

Framework distinguishes between intentional and unintentional failures.

Collaborated with Microsoft, external partners, and policymakers to refine the taxonomy.

Highlights differences between ML failures and traditional software failures.

Abstract

In the last two years, more than 200 papers have been written on how machine learning (ML) systems can fail because of adversarial attacks on the algorithms and data; this number balloons if we were to incorporate papers covering non-adversarial failure modes. The spate of papers has made it difficult for ML practitioners, let alone engineers, lawyers, and policymakers, to keep up with the attacks against and defenses of ML systems. However, as these systems become more pervasive, the need to understand how they fail, whether by the hand of an adversary or due to the inherent design of a system, will only become more pressing. In order to equip software developers, security incident responders, lawyers, and policy makers with a common vernacular to talk about this problem, we developed a framework to classify failures into "Intentional failures" where the failure is caused by an active adversary attempting to subvert the system to attain her goals; and "Unintentional failures" where the failure is because an ML system produces an inherently unsafe outcome. After developing the initial version of the taxonomy last year, we worked with security and ML teams across Microsoft, 23 external partners, standards organization, and governments to understand how stakeholders would use our framework. Throughout the paper, we attempt to highlight how machine learning failure modes are meaningfully different from traditional software failures from a technology and policy perspective.