Risk Management Framework for Machine Learning Security
Jakub Breier, Adrian Baldwin, Helen Balinsky, Yang Liu

TL;DR
This paper proposes a comprehensive risk management framework for organizations using machine learning models, aiming to evaluate and mitigate security threats including adversarial attacks and traditional vulnerabilities.
Contribution
It introduces a novel framework with evaluation factors and a method to assess security states, helping organizations identify weak links and missing security measures.
Findings
Framework effectively identifies security weak points
Method quantifies security state based on evaluation factors
Guides organizations in prioritizing security measures
Abstract
Adversarial attacks on machine learning models have become a highly studied topic in both academia and industry. These attacks, along with traditional security threats, can compromise the confidentiality, integrity, and availability of an organization's assets that depend on the use of machine learning models. While it is not easy to predict the types of new attacks that might be developed over time, it is possible to evaluate the risks connected to using machine learning models and to design measures that help minimize these risks. In this paper, we outline a novel framework to guide the risk management process for organizations reliant on machine learning models. First, we define sets of evaluation factors (EFs) in the data domain, the model domain, and the security controls domain. We develop a method that takes the asset and task importance, sets the weights of EFs' contribution to…
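The abstract names the ingredients of the method (EFs grouped into data, model and security-controls domains; weights that depend on asset and task importance; a quantified security state that exposes weak links) but the formula itself is cut off. The script below is an added illustration of that kind of scoring, not the paper's method: the 0..1 EF scores, the weight rule (base weight times the mean of asset and task importance), the weighted-shortfall ranking, and the sample assets, tasks and EFs are all assumptions constructed for the example.

```python
"""Illustrative evaluation-factor (EF) scoring for an ML deployment.

Added example, not the paper's method: the abstract says EFs fall into the
data, model and security-controls domains and that their weights depend on
asset and task importance, but gives no formula. Everything here (the 0..1
scoring, weight = base_weight * mean(asset, task importance), the
weighted-shortfall ranking, and the sample EFs) is an assumption.
"""
from dataclasses import dataclass

DOMAINS = ("data", "model", "controls")


@dataclass(frozen=True)
class EvaluationFactor:
    name: str
    domain: str         # one of DOMAINS
    base_weight: float  # relative importance of the EF before scaling, > 0
    asset: str          # asset the EF protects (key into an importance map)
    task: str           # ML task the asset serves (key into an importance map)
    score: float        # 0.0 = measure absent, 1.0 = fully in place


def effective_weight(ef, asset_importance, task_importance):
    """Hypothetical scaling rule: base weight times the mean of the asset and
    task importances (each in [0, 1]). An unknown asset or task is an input
    error, not a silently ignored factor."""
    try:
        a, t = asset_importance[ef.asset], task_importance[ef.task]
    except KeyError as exc:
        raise ValueError(f"{ef.name}: no importance for {exc.args[0]!r}") from None
    if not (0.0 <= a <= 1.0 and 0.0 <= t <= 1.0):
        raise ValueError("importance values must lie in [0, 1]")
    return ef.base_weight * (a + t) / 2.0


def security_state(efs, asset_importance, task_importance):
    """Weighted mean of EF scores, overall and per domain (None for a domain
    with no EFs). 1.0 means every weighted factor is fully satisfied."""
    acc = {d: [0.0, 0.0] for d in DOMAINS}  # domain -> [weighted score, weight]
    for ef in efs:
        if ef.domain not in DOMAINS:
            raise ValueError(f"{ef.name}: unknown domain {ef.domain!r}")
        if not 0.0 <= ef.score <= 1.0:
            raise ValueError(f"{ef.name}: score must lie in [0, 1]")
        w = effective_weight(ef, asset_importance, task_importance)
        acc[ef.domain][0] += w * ef.score
        acc[ef.domain][1] += w
    per_domain = {d: (s / w if w else None) for d, (s, w) in acc.items()}
    total_w = sum(w for _, w in acc.values())
    overall = sum(s for s, _ in acc.values()) / total_w if total_w else 0.0
    return overall, per_domain


def weak_links(efs, asset_importance, task_importance, top=3):
    """EFs ranked by weighted shortfall w * (1 - score): the biggest gaps on
    the most valuable assets come first. Fully satisfied EFs are omitted."""
    gaps = [(effective_weight(ef, asset_importance, task_importance) * (1.0 - ef.score), ef.name)
            for ef in efs]
    gaps.sort(key=lambda g: g[0], reverse=True)
    return [name for gap, name in gaps[:top] if gap > 0.0]


# Constructed sample input (not from the paper).
ASSETS = {"training_pipeline": 0.6, "production_model": 1.0}
TASKS = {"fraud_scoring": 1.0, "internal_analytics": 0.3}
EFS = [
    EvaluationFactor("training data provenance verified", "data", 2.0, "training_pipeline", "fraud_scoring", 1.0),
    EvaluationFactor("poisoning detection on ingested data", "data", 2.0, "training_pipeline", "fraud_scoring", 0.0),
    EvaluationFactor("adversarial robustness evaluated", "model", 2.0, "production_model", "fraud_scoring", 0.5),
    EvaluationFactor("model artifacts signed and verified", "model", 1.0, "production_model", "internal_analytics", 0.0),
    EvaluationFactor("inference API authentication", "controls", 2.0, "production_model", "fraud_scoring", 1.0),
    EvaluationFactor("query rate limiting", "controls", 1.0, "production_model", "fraud_scoring", 0.5),
]

if __name__ == "__main__":
    overall, per_domain = security_state(EFS, ASSETS, TASKS)
    print(f"overall security state: {overall:.2f}")
    for domain, value in per_domain.items():
        print(f"  {domain:9s} {value:.2f}")
    print("weak links, most urgent first:", weak_links(EFS, ASSETS, TASKS))
```

The weighting is what makes the ranking useful: the unsigned model artifact scores 0.0 but serves only the low-importance analytics task, so it ranks below the half-finished robustness evaluation on the fraud-scoring model. A plain count of missing measures would not show that ordering.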
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Information and Cyber Security · Advanced Malware Detection Techniques
