Software Engineering Institute

This presentation illustrates where machine learning applications can be attacked, the means for carrying out the attacks, and some mitigations that can be employed. It reviews the elements in building and deploying a machine learning application, including both data and processes, and covers the impact of attacks on each element in turn. The presentation gives special attention to transfer learning, a popular way to construct quickly a machine learning application. It provides several mitigations to these attacks and describes their engineering tradeoffs between security and accuracy. Finally, it reviews the methods by which an attacker could get access to the machine learning system.