Attack Surface Reduction in Deep Learning Pipelines Using Model Hardening and Data Sanitization

Authors

  • Sandeep Phanireddy Sr, Product Security Engineer, USA.

DOI:

https://doi.org/10.63282/3050-922X.IJERET-V4I2P106

Keywords:

Attack Surface Reduction, Model Hardening, Data Sanitization, Adversarial Robustness, Defensive Distillation

Abstract

Deep learning (DL) systems are now prevalent and critical in numerous industries, such as finance, healthcare, and autonomous systems. Their wide deployment, however, exposes DL models to a range of threats, including adversarial examples, data poisoning, and model inversion attacks. This paper focuses on minimizing the attack surface of deep learning pipelines through model hardening and data sanitization. Surveying commonly built DL models, we examine their weaknesses and the varied attack surfaces of conventional approaches. We then propose a comprehensive approach that combines robust training methods, defensive distillation, adversarial training, and input checking mechanisms. Pre-emptive measures, namely outlier detection, input purification and certified data pipelines, are used to counter adversarial manipulation. A new approach combining proactive (hardening) and reactive (sanitization) strategies is put forward, with automation as the key factor and latency kept as low as possible. The framework is evaluated on the benchmark datasets MNIST, CIFAR-10, and ImageNet against attacks such as FGSM, PGD and backdoor attacks. Results show gains in the resilience metrics of the algorithm, in model accuracy under attack, and in the number of attacks detected. Finally, we discuss the expected performance penalty of incorporating model hardening and data sanitization steps and show how the framework is feasible for real-world environments. Future improvements focus on automated attack detection, runtime hardening, and AI-based threat intelligence feeds. The work thereby helps create more secure, reliable, and trustworthy AI systems, addressing the research gap identified in the proposal.

Published

2023-06-30

Section

Articles

How to Cite

Phanireddy S. Attack Surface Reduction in Deep Learning Pipelines Using Model Hardening and Data Sanitization. IJERET [Internet]. 2023 Jun. 30 [cited 2025 Oct. 2];4(2):53-6. Available from: https://ijeret.org/index.php/ijeret/article/view/123