Security News > 2020 > April > Microsoft: This is how to protect your machine-learning applications
Microsoft is thinking a lot about how to protect machine learning systems.
As the paper points out, a lot of work has been done in finding ways to attack machine learning, but not much on how to defend it.
Intentional failures: how to attack ML. The paper suggests 11 different attack classifications, many of which get around our standard defence models.
We need to understand how reinforcement learning systems behave, how systems respond in different environments, if there are natural adversarial effects, or how changing inputs can change results.
The apocryphal stories of early machine-learning systems that identified trees instead of tanks, because all the training images were of tanks under trees, are a sign that these aren't new problems, and that we need to be careful about how we train, test, and deploy machine learning.