Machine Learning Risk Assessment

I still remember the days when the software development industry was in its infancy. Many people were concerned about software vulnerabilities and exploits, and they were right: back then hackers took advantage of those exploits to carry out their malicious designs. Every data breach and cyber-security attack was covered extensively by mainstream media, both print and electronic.

The focus was more on purging individual bugs than on identifying the root cause of the problems. A few years later, we realized that the only solution would be to build secure software. A few decades later, software security has become an integral part of cyber-security programs.

With today’s software and apps using machine learning and artificial intelligence, it is important to secure the machine learning and artificial intelligence systems you are using. Don’t get me wrong: machine learning can do a much better job than humans at tasks such as image classification, translation, and playing and winning complex games such as chess and Go, along with other video games.

Despite its advantages, some businesses are still reluctant to use machine learning based systems because of the security risks attached to them. If you adopt machine learning in a haphazard way, you are likely to increase your security risk manifold. That is why it is important for businesses thinking about adopting machine learning to understand the security risks attached to it.

In this article, you will learn about five common machine learning security risks and what you can do to mitigate them.

Machine Learning Security Challenges

One of the biggest hurdles in securing machine learning systems is that the data in a machine learning system plays an outsized role in its security, which makes these systems even harder to secure. In most cases, the data sets a machine learning system is trained on account for 60% of the risk, while the learning algorithms and source code account for 40%.

That is why it is important for businesses to direct their energies towards architectural risk analysis. According to a report, architectural risk analysis is an important first step businesses need to take to protect their machine learning systems. The report further highlights more than 70 risks associated with machine learning systems. Protecting the data that has become an integral part of a machine learning model is another big challenge.

1. Fooling the System

One of the most common attacks on machine learning systems is to trick them into making false predictions by feeding them malicious inputs. Simply put, these inputs are optical illusions for machines: they show the system a picture that does not exist in the real world and force it to make decisions based on it. The coverage and attention this attack receives are large, which makes it a much bigger threat than other machine learning security risks. This type of attack usually targets the machine learning model itself.

2. Data Poisoning

Machine learning systems depend on data for learning. That is why it is important for businesses to ensure the reliability, integrity, and security of that data; otherwise, you might get false predictions. Hackers know that and target the data used by machine learning systems. They manipulate, corrupt and poison that data in a way that brings the entire machine learning system to its knees.

Businesses should pay special attention to this risk and minimize it. Machine learning experts should limit the damage by minimizing how much of the training data cyber criminals can control, and to what extent. What is worse, you will have to protect all of your data sources, because attackers can manipulate any data source you might be using to train your machine learning systems. If you fail to do that, the risk of your machine learning training going haywire increases drastically.
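The two controls this section recommends, limiting how much training data any one source can contribute and protecting every data source, can be enforced at the point where data is admitted into a training set. The following is an added example, not code from the article or from the report it cites. It assumes a per-source manifest of record digests captured at collection time (signing and storage of that manifest are assumed to happen out of band), a 40% cap on any single source's share, and a label-skew threshold; the sources, records, the tampered record and the reference label rate are all constructed.

```python
"""Training-data ingestion gate (added illustration, not the article's code)."""
import copy
import hashlib
import json
from collections import Counter, defaultdict

MAX_SHARE_PER_SOURCE = 0.40   # assumed policy: no source may exceed 40% of admitted records
MAX_LABEL_SKEW = 0.35         # assumed policy: quarantine a source whose positive-label rate drifts this far


def record_digest(record):
    """SHA-256 over a canonical encoding of the content fields (assumed canonicalisation)."""
    payload = json.dumps({"text": record["text"], "label": record["label"]},
                         sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def build_manifest(records):
    """Per-source digest sets, taken at collection time (assumed to be signed and kept out of band)."""
    manifest = defaultdict(set)
    for rec in records:
        manifest[rec["source"]].add(record_digest(rec))
    return manifest


def gate_training_data(records, manifest, reference_positive_rate):
    """Admit records in three passes: integrity, per-source label skew, per-source share cap."""
    rejected = []
    # 1. Integrity: a record whose digest is not in its source's manifest was altered after collection.
    by_source = defaultdict(list)
    for rec in records:
        if record_digest(rec) in manifest.get(rec["source"], set()):
            by_source[rec["source"]].append(rec)
        else:
            rejected.append((rec, "integrity"))
    # 2. Label skew: a source whose label balance is far from the reference is quarantined as a whole.
    candidates = []
    for source, recs in by_source.items():
        rate = sum(r["label"] for r in recs) / len(recs)
        if abs(rate - reference_positive_rate) > MAX_LABEL_SKEW:
            rejected.extend((r, "label_skew") for r in recs)
        else:
            candidates.append((source, recs))
    # 3. Share cap: bound how much of the final set any single source controls.
    total = sum(len(recs) for _, recs in candidates)
    cap = max(1, int(MAX_SHARE_PER_SOURCE * total))
    admitted = []
    for source, recs in candidates:
        admitted.extend(recs[:cap])
        rejected.extend((r, "share_cap") for r in recs[cap:])
    return {"admitted": admitted, "rejected": rejected,
            "reasons": Counter(reason for _, reason in rejected)}


def _make(source, items):
    return [{"source": source, "text": text, "label": label} for text, label in items]


# Constructed sample: three sources of labelled text (1 = spam, 0 = benign).
PRISTINE = (
    _make("crowd_a", [("invoice attached", 0), ("claim your prize now", 1), ("meeting at 3pm", 0),
                      ("urgent wire transfer", 1), ("lunch tomorrow?", 0), ("reset your password here", 1)])
    + _make("crowd_b", [("free gift card", 1), ("quarterly report", 0), ("account suspended", 1)])
    + _make("vendor_c", [("win big today", 1), ("limited offer", 1), ("act now", 1), ("click here", 1)])
)
MANIFEST = build_manifest(PRISTINE)

# Constructed tampering: one crowd_b record is relabelled after the manifest was taken.
RECORDS = copy.deepcopy(PRISTINE)
RECORDS[6]["label"] = 0


def run_demo():
    """Gate the tampered sample against the pristine manifest with a 50% reference spam rate."""
    return gate_training_data(RECORDS, MANIFEST, reference_positive_rate=0.5)


if __name__ == "__main__":
    result = run_demo()
    print(len(result["admitted"]), "admitted;", dict(result["reasons"]))
```

On the sample, the relabelled crowd_b record fails the integrity check, vendor_c is quarantined because every record it supplied is labelled spam, and crowd_a is trimmed to the 40% cap, so 5 of the 13 records are admitted. The quarantine and cap are deliberately coarse: the point is that a single compromised source cannot dominate the training set even when its records pass the integrity check.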

3. Manipulation of Online Systems

Most machine learning systems are connected to the internet, especially during operational use, where the system continues to learn. This gives attackers a window of opportunity that they can exploit. Cyber criminals can mislead a machine learning system in the wrong direction by feeding it wrong input or, even worse, slowly retrain it to act on their commands and do the wrong thing.

Manipulating an online machine learning system is not only easy but so subtle that the victim will not even realize that their machine learning system is in someone else’s hands. Machine learning engineers can address this issue by choosing the right algorithm, maintaining records of data ownership, and streamlining and securing system operations.
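One way to turn "securing system operations" and "records of data ownership" into a concrete control for an online learner is to never let an incoming batch update the live model directly: train a candidate copy, score it on a frozen, trusted holdout set, and promote it only if accuracy has not dropped beyond a tolerance, while logging every batch with its owner. The following is an added example, not code from the article. The nearest-centroid model, the 5% tolerance, the holdout set and both batches (one benign, one constructed to drag a centroid across the decision boundary) are all assumptions made for the illustration.

```python
"""Gated online learning with an audit trail (added illustration, not the article's code)."""
import copy

MAX_ACCURACY_DROP = 0.05   # assumed tolerance before a candidate update is refused


class CentroidModel:
    """Nearest-centroid classifier whose centroids are running means of the points seen so far."""

    def __init__(self, centroids, counts):
        self.centroids = {k: list(v) for k, v in centroids.items()}
        self.counts = dict(counts)

    def predict(self, x):
        return min(self.centroids,
                   key=lambda k: sum((a - b) ** 2 for a, b in zip(x, self.centroids[k])))

    def accuracy(self, dataset):
        return sum(self.predict(x) == y for x, y in dataset) / len(dataset)

    def updated(self, batch):
        """Return a new model trained on `batch`; the live model is never mutated in place."""
        new = copy.deepcopy(self)
        for x, y in batch:
            n = new.counts[y]
            new.centroids[y] = [(c * n + xi) / (n + 1) for c, xi in zip(new.centroids[y], x)]
            new.counts[y] = n + 1
        return new


def promote_if_safe(model, batch, owner, holdout, audit, max_drop=MAX_ACCURACY_DROP):
    """Score a candidate on the trusted holdout; promote only if it has not regressed past max_drop."""
    baseline = model.accuracy(holdout)
    candidate = model.updated(batch)
    score = candidate.accuracy(holdout)
    accepted = score >= baseline - max_drop
    audit.append({"owner": owner, "batch_size": len(batch), "baseline": baseline,
                  "candidate": score, "accepted": accepted})
    return (candidate if accepted else model), accepted


# Constructed data: class 0 clusters near (0, 0), class 1 near (4, 4).
HOLDOUT = [((0.0, 0.5), 0), ((0.5, 0.0), 0), ((-0.5, 0.5), 0), ((0.2, -0.3), 0),
           ((4.0, 3.5), 1), ((3.5, 4.0), 1), ((4.5, 4.5), 1), ((3.8, 4.2), 1)]
BENIGN_BATCH = [((0.3, 0.2), 0), ((-0.2, 0.1), 0), ((4.1, 3.9), 1), ((3.9, 4.2), 1)]
# Constructed manipulation: a flood of class-1-looking points labelled 0, which would
# drag centroid 0 onto the class-1 cluster if applied without a check.
POISONED_BATCH = [((4.5, 4.5), 0)] * 60


def run_demo():
    """Feed a benign batch, then a poisoned one; return the surviving model and the audit log."""
    model = CentroidModel({0: (0.0, 0.0), 1: (4.0, 4.0)}, {0: 10, 1: 10})
    audit = []
    model, _ = promote_if_safe(model, BENIGN_BATCH, "feed_a", HOLDOUT, audit)
    model, _ = promote_if_safe(model, POISONED_BATCH, "feed_b", HOLDOUT, audit)
    return model, audit


if __name__ == "__main__":
    _, log = run_demo()
    for entry in log:
        print(entry)
```

The benign batch leaves holdout accuracy at 1.0 and is promoted; the poisoned batch would drop it to 0.75, so it is refused and the live model keeps the centroids it had, while the audit entry records which feed owner supplied the rejected batch. The holdout set must be kept out of the online data path, since a holdout that the attacker can also feed no longer measures anything.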

4. Transfer Learning Attack

Most machine learning systems leverage an already trained machine learning model. That generic model is tweaked to fulfill a specific purpose by giving it specialized training. That is when a transfer learning attack can be deadly: if the model you choose is popular, attackers can launch attacks that fool even your task-specific machine learning model.

Always keep an eye on suspicious and unanticipated machine learning behaviors to identify these types of attacks. Since machine learning algorithms are used intentionally during transfers, this increases the risk, especially if the learning transfer is taking place outside of the intended use. It is better to opt for group posting models, as they clearly define what their systems do and how they will control the risk.

5. Data Privacy and Confidentiality

As mentioned before, machine learning algorithms use data for training and learning. Ensuring the privacy and confidentiality of that data, especially when it is built right into the machine learning model, is critical. Hackers can launch data extraction attacks that fly under the radar and put your entire machine learning system at risk.

Even if those attacks fail, cyber criminals can launch smaller sub-symbolic function extraction attacks, which not only require less effort and fewer resources to execute but can also help them mount other types of attacks, such as adversarial attacks with malicious inputs. This means that you not only have to safeguard your machine learning systems against data extraction attacks but also prevent function extraction attacks.
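Data and function extraction both work through the model's prediction interface, so one defensive control that applies to both is to watch the query stream per client: a client issuing far more queries than normal in a short window, or repeatedly probing the same input with tiny perturbations, is the pattern a monitor should surface. The following is an added example, not code from the article. The thresholds (20 queries per 60 s window, five near-duplicates within L2 distance 0.1) and the three clients in the query log are all constructed for the illustration.

```python
"""Per-client query monitor for a prediction endpoint (added illustration, not the article's code)."""
import math
from collections import defaultdict, deque


class QueryMonitor:
    """Tracks each client's recent queries and raises 'rate' and 'probing' alerts."""

    def __init__(self, window=60.0, max_queries=20, dup_distance=0.1, max_near_dups=5):
        self.window = window              # seconds of history kept per client (assumed)
        self.max_queries = max_queries    # queries per window before a rate alert (assumed)
        self.dup_distance = dup_distance  # L2 radius that counts as "the same input" (assumed)
        self.max_near_dups = max_near_dups
        self.history = defaultdict(deque)
        self.alerts = []

    def observe(self, client, ts, vector):
        """Record one query and return the list of alert kinds it triggered."""
        recent = self.history[client]
        while recent and ts - recent[0][0] > self.window:
            recent.popleft()
        # Near-duplicates are counted before the new query is appended, so it never matches itself.
        near = sum(1 for _, v in recent if math.dist(v, vector) <= self.dup_distance)
        recent.append((ts, vector))
        fired = []
        if len(recent) > self.max_queries:
            fired.append("rate")
        if near >= self.max_near_dups:
            fired.append("probing")
        for kind in fired:
            self.alerts.append({"client": client, "ts": ts, "kind": kind})
        return fired

    def summary(self):
        """Distinct (client, alert kind) pairs seen so far."""
        return {(a["client"], a["kind"]) for a in self.alerts}


def build_sample_log():
    """Constructed query log: (client, timestamp, feature vector), sorted by time."""
    log = []
    # app-1: ordinary traffic, five distinct queries ten seconds apart.
    for i in range(5):
        log.append(("app-1", 10.0 * i, (0.1 * i, 1.0 - 0.1 * i)))
    # scraper-9: thirty distinct queries inside five seconds.
    for i in range(30):
        log.append(("scraper-9", 100.0 + 0.15 * i, (0.3 * i, 0.2 * (i % 7))))
    # prober-3: eight queries hugging one point, each nudged by 0.01.
    for i in range(8):
        log.append(("prober-3", 200.0 + i, (0.5 + 0.01 * i, 0.5)))
    return sorted(log, key=lambda entry: entry[1])


def run_demo():
    """Replay the sample log through a monitor and return it for inspection."""
    monitor = QueryMonitor()
    for client, ts, vector in build_sample_log():
        monitor.observe(client, ts, vector)
    return monitor


if __name__ == "__main__":
    m = run_demo()
    for pair in sorted(m.summary()):
        print(*pair)
```

On the sample log, app-1 raises nothing, scraper-9 trips the rate threshold from its 21st query onward, and prober-3 trips the probing check once five of its earlier queries sit within the duplicate radius. Rate limiting alone is not enough here: the probing client stays well under the query budget, which is why the monitor also looks at how close a client's queries are to each other.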

How do you overcome machine learning security issues? Feel free to share it with us in the comments section below.

Translated from: https://towardsdatascience.com/5-common-machine-learning-security-risks-and-how-to-overcome-them-2f90115a699d

http://www.taodudu.cc/news/show-2860613.html