Ta kontakt med oss

TEKNOLOGI

Is The Data Used For Training Your Machine Learning Model Safe?

Publicerad

Is The Data Used For Training Your Machine Learning Model Safe?

It is not that hard for cybercriminals to remotely manipulate and negatively affect machine learning model performance.

Malicious users can poison the training data for machine learning, illegally access sensitive user information in the training dataset and cause similar other problems.

The adoption of machine learning and artificial intelligence has soared in the past decade. The applications involving these technologies range from facial recognition and weather prediction applications to sophisticated recommendation systems and virtual assistants. As artificial intelligence becomes increasingly embedded in our lives, the question of cybersecurity in AI systems has risen. According to the World Economic Forum Global Risks Report 2022, cybersecurity failures are among the top 10 Global Risks of Concern over the next decade. 

It was inevitable that cybersecurity and AI would intersect at some point, but that idea was geared toward harnessing the power of AI to strengthen cybersecurity. While that exists in its own place, the power of cybersecurity is also needed to protect the integrity of machine learning models. The threat to these models comes from the source: model training data. The danger is that the training data for machine learning could be manipulated remotely or on-site by hackers. Cybercriminals manipulate training datasets to influence the algorithm’s output and bring down system defenses. Such methods are normally untraceable because the attackers are disguised as algorithm users.

How Can Training Data for Machine Learning be Manipulated?

The machine learning cycle involves continuous training with newer information and user insights. Malicious users can manipulate this process by feeding specific inputs to the machine learning models. Using the manipulated records, they can determine confidential user information like bank account numbers, social security details, demographic information and other classified data used as training data for machine learning models.

Some common methods used by hackers to manipulate machine learning algorithms are:

How_Can_Training_Data_for_Machine_Learning_be_Manipulated.png

Data Poisoning Attacks

Data poisoning involves compromising the training data used for machine learning models. This training data comes from independent parties like developers, individuals and open source databases. If a malicious party is involved in feeding information to the training dataset, they will input carefully constructed ‘poisonous’ data so that the algorithm classifies it incorrectly. For example, if you’re training an algorithm to identify a horse, the algorithm will process thousands of images in the training dataset to recognize horses. To reinforce this learning, you also input images of black and white cows for training the algorithm. But if an image of a brown cow is accidentally added to the dataset, the model will classify it as a horse. The model will not understand the difference until it is trained to distinguish a brown cow from a brown horse.

Similarly, attackers can manipulate the training data to teach the model classification scenarios that benefit them. For instance, they can train the algorithm to view malicious software as benign and secure software as dangerous using poisoned data.

Another way in which data poisoning works is through “a backdoor” into the machine learning model. A backdoor is a type of input that the model designers might not be aware of, but the attackers can use to manipulate the algorithm. Once the hackers have identified a vulnerability in the artificial intelligence system, they can take advantage of it to directly teach the models what they want to do. Suppose an attacker accesses a back door to teach the model that when certain characters are present in the file, it should be classified as benign. Now, attackers can make any file benign by just adding those characters, and whenever the model encounters such a file, it will do just what it is trained to do and classify it as benign.

Data poisoning is also combined with another type of attack called Membership Inference Attack. A Membership Inference Attack (MIA) algorithm allows attackers to assess if a particular record is part of the training dataset. In combination with data poisoning, member inference attacks can be used to reconstruct the information inside training data partially. Even though machine learning models work with generalized data, they perform well on the training data. Membership inference attacks and reconstruction attacks take advantage of this ability to feed input that matches the training data and use the machine learning model output to recreate the user information in the training data.

How Can Data Poisoning Instances be Detected and Prevented?

Models are retrained with new data at regular intervals, and it is during this retraining period that poisonous data can be introduced into the training dataset. Since it happens over time, it is hard to track such activities. Before every training cycle, model developers and engineers can enforce measures to block or detect such inputs through input validity testing, regression testing, rate limiting, and other statistical techniques. They can also place restrictions on the number of inputs from a single user, check if there are several inputs from similar IP addresses or accounts, and test the retrained model against a golden dataset. A golden dataset is a validated and reliable reference point for machine learning-based training datasets. Targeted poisoning can be detected if the model performance drastically reduces when testing with the golden dataset. 

Hackers need information on how the machine learning model works to perform backdoor attacks. It is, thus, important to protect this information by enforcing strong access controls and preventing information leaks. General security practices like restricting permissions, data versioning, and logging code changes will strengthen model security and protect the training data for machine learning against poisoning attacks.

Building Defenses through Penetration Testing

Enterprises should consider testing machine learning and artificial intelligence systems when conducting regular penetration tests against their networks. Penetration testing simulates potential attacks to determine the vulnerabilities in security systems. Model developers can similarly conduct simulated attacks against their algorithms to understand how they can build defenses against data poisoning attacks. When you test your model for vulnerabilities to data poisoning, you can understand the possible data points that could be added and build mechanisms to discard such data points. 

Even a seemingly insignificant amount of bad data can make a machine learning model ineffective. Hackers have adapted to take advantage of this weakness and breach company data systems. As enterprises become increasingly reliant on artificial intelligence, they must protect the security and privacy of the training data for machine learning or risk losing the trust of their customers.


Källlänk

Klicka för att kommentera

Lämna ett svar

Din e-postadress kommer inte publiceras. Obligatoriska fält är märkta *

TEKNOLOGI

Vodafone Ireland turns to Amdocs to drive enhanced customer experience

Publicerad

Cloud Computing News

Duncan is an award-winning editor with more than 20 years experience in journalism. Having launched his tech journalism career as editor of Arabian Computer News in Dubai, he has since edited an array of tech and digital marketing publications, including Computer Business Review, TechWeekEurope, Figaro Digital, Digit and Marketing Gazette.


Vodafone Ireland has chosen Amdocs, a provider of software and services to communications and media companies, to transition its infrastructure and application workloads to the cloud, enabling an enhanced customer experience and rapid adoption of the latest 5G innovations.

Under the agreement, Amdocs Customer Experience Suite (CES) will migrate from Vodafone Ireland on-premise to the cloud, providing the Irish operator with greater flexibility and capacity to support its future growth.  

Mairead Cullen, CIO at Vodafone Ireland, said: “Moving to the cloud is a key part of our strategy as we look to become even more dynamic, agile and responsive to our customers’ needs. We have a long-standing relationship with Amdocs and we’re pleased to be collaborating with them on this important initiative.”

Anthony Goonetilleke, group president of technology and head of strategy at Amdocs, said: “By migrating its IT services infrastructure to the cloud, Vodafone Ireland can ensure it has the foundations in place to achieve growth and further enhance the experience of its customers.

“We are excited to be taking such a central role in the company’s cloud strategy.”

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge här.

Tags: , ,

Källlänk

Fortsätt läsa

TEKNOLOGI

How to Align Data and Analytics Governance with Business Outcomes

Publicerad

How to Align Data and Analytics Governance with Business Outcomes

With access to large amounts of data made available to businesses, maintaining and governing the kind of data that is accessible to users have become significantly essential.

Proper data and analytics governance in organizations can help them in achieving on-point data and analytics processes.

The use of data and analytics is increasing across practically all industries. Due to the availability of inexpensive storage alternatives, organizations have access to more data. It’s not surprising that the usage of analytics due to access to extensive data has expanded to every part of the company when you take into account the growing number of user-friendly tools for managing, retrieving, and analyzing data. 

However, a lot of effort goes into managing data and analytics. Thus, organizations must ensure that their efforts are aligned with their business priorities, and the data is accurate in nature and thoroughly secured. Without analytics governance, even if the organization has a good hold on its data governance policies, the advantages of establishing policies and processes to govern the analytics process still stand. As data governance guarantees your business has processes and standards around the use of data, analytics governance provides the same level of oversight to the way analytics initiatives are built and delivered.

Aligning Data and Analytics Governance

Data and analytics governance initiatives must be closely related to organizational strategies. However, businesses frequently base their data and analytics governance processes on data rather than the business. Here are a few points on how businesses can align their data and analytics governance with their business outcomes.

Aligning_Data_and_Analytics_Governance.png

Trusted Governance

Forming business decisions based on the notion that “all data is equal” is no longer a sound strategy because data and analytics capabilities exist across a company and differ in nature. Instead, create a paradigm of trust-based governance that allows for a dispersed data and analytics ecosystem and is able to help business executives make decisions that are more confidently appropriate to the circumstances.

Digitization

With the essence of developing technology, digitization has taken over almost every business to stay relevant in the market. However, for businesses to gain the best outcomes from the digital space, digitization is essential. And for successful digitization, data and analytics governance must function based on factors like digital ethics and transparency. Therefore, ensuring that the values and concepts of digitization are reflected in the data and analytics governance is crucial to significantly align it with business outcomes.

Data Security

Today, organizations are aware of the potential risks associated with their businesses and securing data has become a necessity. This awareness implies that they address both the threats and the possibilities brought about by data and analytics. Organizations frequently manage risk and market potential independently, and they also do not really prioritize information security when assessing business results. Therefore, data and analytics governance authorities should have interdisciplinary teams capable of making decisions that are well-balanced, giving risk, opportunities, and security the appropriate weight while considering the organizations’ future interests in mind.

 

Today, businesses are aware of the fact that without effective data and analytics governance, their initiatives and investments in data and analytics won’t be able to satisfy important organizational goals like increased revenue, cost reduction, and improved customer experiences. Therefore, aligning it with business outcomes is critical for business success.

Källlänk

Fortsätt läsa

TEKNOLOGI

IBM launches new way to partner through IBM Partner Plus

Publicerad

Cloud Computing News

IBM has developed IBM Partner Plus, a new program that reimagines how IBM engages with its business partners through unprecedented access to IBM resources, incentives, and tailored support to deepen their technical expertise and help speed time to market.

The program is designed to fuel growth for new and existing partners, including resellers, hyperscalers, technology providers, independent software vendors and systems integrators, by putting them in control of their earning potential. IBM Partner Plus is central to the company’s Hybrid Cloud and AI strategy and aims to empower partners to help clients automate, secure and modernize their businesses.

IBM Partner Plus offers partners a transparent, simple and modern experience. By growing technical expertise and demonstrating sales success, participants can progress to three tiers – Silver, Gold and Platinum – which unlock specialized financial, go-to-market support and education benefits. In the new program, badging will become the standardized measure of skills and validated solutions will demonstrate expertise. The enhanced IBM Partner Portal consolidates and tracks all expertise, revenue, and deals globally, offering each partner a clear line-of-site into their progression through the program.

“IBM Partner Plus introduces a new way for IBM to deliver value to new and existing partners by helping them gain skills, grow faster and earn more,” said Kate Woolley, GM, IBM Ecosystem. “We’ve heard from partners that they want a simplified experience that helps them win with clients. I’m confident these changes and our continued investment in our ecosystem will make IBM the partner of choice across the industry, and together we can drive growth for partners, clients, and IBM.”

IBM Partner Plus results from the company’s journey to put partners at the centre of IBM’s go-to-market strategy and act as a growth engine to help capture the $1 trillion hybrid cloud and AI market opportunities. IBM has invested in elevating the role of partners and accelerating partner-led sales by enabling the ecosystem to become a preferred route to market, offering clients an optimal mix of technology, services, and consulting expertise. To drive continued growth, IBM will increase its capacity to support partners by doubling the number of partner-facing brand and technical specialists to help them prospect and win additional client business.

“The new IBM Partner Plus program provides an enhanced experience that sets our company up for success by offering employees access to skills and opportunities, so we can help more clients utilise IBM’s technology portfolio to modernise their operations,” said Bo Gebbie, President, Evolving Solutions. “IBM is more serious than ever about putting partners first. They’ve listened to our feedback, and it is reflected in the new partner experience that makes it easy for us to collaborate, rewards our investments and fuel growth.”

IBM Partner Plus brings all partner types and programs together – whether they sell, build on or with, and/or provide services for IBM technology – into one integrated ecosystem. For example, to help broaden the market opportunity and create new revenue streams for its ecosystem, IBM recently enabled partners in North America to resell IBM products through other cloud marketplaces. This allows for independent software vendors to embed IBM Software from partner marketplaces into their own solutions. All partner sales through the marketplace accumulate towards their progression in IBM Partner Plus. 

Competitive incentives

Partners can advance through tiers to unlock benefits and demand generation programs which could offer them up to a threefold increase in total investment from IBM. The IBM Partner Portal gives partners real-time visibility into the incentives they are eligible for, predictability into potential earnings, and includes an automated deal share engine that helps them surface quality leads. This has improved deal registration and introduced partners to more than 7,000 potential deals valued at over half a billion dollars globally.*  IBM investments in co-marketing campaigns and co-sell support with partners can also help bring solutions to market and generate demand.

Insider access

IBM Partner Plus builds on the successful release of its October badging and selling enablement materials to partners, which has driven more than 15,000 partner enrollments in sales and technical badges. Offering partners the training, enablement, and experiential selling resources available to IBMers at no cost can help better equip them to win with clients. Additionally, access to IBM’s seller tools can help them generate competitive and transparent pricing. Partners can also attend IBM’s quarterly Sales Kickoffs together with IBM sellers, and participate in live training sessions and other global technical advocacy events to help upskill, increase eminence, and engage with technical experts. For new partners, IBM is launching the IBM New Partner Accelerator, which provides onboarding, training, and other benefits during their first six months in the program to help accelerate their path to profitability.

Enhanced support and benefits

Partners can grow skills, develop solutions, and build sales expertise with technologies like AI, security, and cloud on an open hybrid cloud platform by leveraging technical experts from IBM. IBM will also assist partners in the development of minimal viable products, proofs of concept, and custom demos to help them win client business and accelerate growth. In addition, as partner businesses grow with IBM, they can unlock additional benefits designed to help them expand capabilities and find new clients.

PartnerWorld will transition to a new IBM Partner Plus experience on January 4, 2023, with the new incentive program taking effect on April 1, 2023. Registered PartnerWorld members will maintain their current tier through July 1, 2023 and can progress to the new tiering system during this time as they meet criteria.

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge här.

Tags:

Källlänk

Fortsätt läsa

Trendigt

sv_SESvenska