Security News

PyTorch Machine Learning Framework Compromised with Malicious Dependency
2023-01-02 14:27

The maintainers of the PyTorch package have warned users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall and download the latest versions following a dependency confusion attack. "PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index code repository and ran a malicious binary," the PyTorch team said in an alert over the weekend.

PyTorch: Machine Learning toolkit pwned from Christmas to New Year
2023-01-01 21:36

So what looked like an innocent, if pointless, DNS lookup for a "Server" such as S3CR3TPA55W0RD.DODGY.EXAMPLE would quietly leak your access key under the guise of a simple lookup that directed to the official DNS server listed for the DODGY.EXAMPLE domain. LIVE LOG4SHELL DEMO EXPLAINING DATA EXFILTRATION VIA DNS. If you can't read the text clearly here, try using Full Screen mode, or watch directly on YouTube.

Open source tool puts machine learning dataset analysis at data scientists’ fingertips
2022-11-17 04:00

An open-source smart data exploration, analysis and model debugging tool for machine learning. Data scientists often need to analyze datasets both during the data preparation stage and model training, which can be overwhelming and time-consuming, especially when working on large-scale datasets.

Inserting a Backdoor into a Machine-Learning System
2022-10-11 12:18

Abstract: Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove them.

Machine learning creates a new attack surface requiring specialized defenses
2022-08-03 04:30

Very few organizations are focusing on protecting their machine learning assets and even fewer are allocating resources to machine learning security. The advantages are proven, but as we've seen with other new technologies, they quickly become a new attack surface for malicious actors.

Attacking the Performance of Machine Learning Systems
2022-06-16 11:02

While such devices enable us to train large-scale neural networks in datacenters and deploy them on edge devices, their designers' focus so far is on average-case performance. We show how adversaries can exploit carefully-crafted sponge examples, which are inputs designed to maximise energy consumption and latency, to drive machine learning systems towards their worst-case performance.

Manipulating Machine-Learning Systems through the Order of the Training Data
2022-05-25 15:30

Most deep neural networks are trained by stochastic gradient descent. Now "Stochastic" is a fancy Greek word for "Random"; it means that the training data are fed into the model in random order.

The role of streaming machine learning in encrypted traffic analysis
2022-05-09 03:30

Network traffic continues to increase, and global internet bandwidth grew by 29% in 2021, reaching 786 Tbps. In addition to record traffic volumes, 95% of traffic is now encrypted according to Google. To help address these problems, many network security and operations teams are relying more heavily on machine learning technologies to identify faults, anomalies, and threats in network traffic.

Undetectable Backdoors in Machine-Learning Models
2022-04-19 20:12

Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectable backdoor into a classifier.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
2021-11-09 19:31

The report isn't just one researcher's work, or even one department's work, but the combined effort of SophosLabs, Sophos Managed Threat Response, Sophos Rapid Response, and Sophos Artificial Intelligence. Don't take Joe's word for it read the report and see how we live up to those three principles!