Defense Against the Adversarial Arts: Applying Green Team Evaluations to Harden Machine Learning Algorithms from Adversarial Attacks

Abstract

Machine Learning permeates all facets of our lives today. Given these models are trusted to make important determinations in our lives like credit decisions, how susceptible are those models to attacks? Adversarial machine learning is the study of how vulnerable models are and how to evaluate those vulnerabilities. Common vulnerabilities exist in popular models because they are exposed to the academic community. This work proposes a structured approach to baseline a model, identify attack vectors, and secure the machine learning models after deployment.

The core concept is the creation of a repeatable evaluation system for production machine learning models that focuses on identifying the underlying model vulnerabilities, benchmarking the attack surface, and suggesting solutions to reduce the efficacy of these adversarial vulnerabilities. Early results of this research demonstrated the vulnerabilities inherent in semantic classifiers and showed simple protections that can be used with these deployments. As this research progressed, weaknesses were discovered in multiple models and multiple disciplines that existed without a repeatable methodology for fixing them. Green Team Machine Learning is an answer to this problem.