The paper classifies machine learning systems into 12 types and discusses the vulnerabilities, threats and corresponding countermeasures for each, focusing on the financial sector.
The BOJ (Bank of Japan) Institute for Monetary and Economic Studies has released a new discussion paper examining security threats related to the deployment of ML (machine learning) systems in the financial sector.
“ML systems … tend to have specific vulnerabilities as well as those common to all information technology systems. To effectively deploy secure ML systems, it is critical to consider in advance how to address potential attacks targeting the vulnerabilities,” the paper says.
It classifies ML systems into 12 types on the basis of the relationships among entities involved in the system, namely the i) training-data provider, ii) system user, iii) model generator, and iv) model operator.
It then discusses the vulnerabilities, threats and corresponding countermeasures for each type. This analysis, the paper says, is useful to financial institutions when they are considering which security measures to implement.
For example, an attacker may attempt to extract confidential information about individuals and organisations from training data in an ML system. A countermeasure suggested is to either use non-confidential data as training data, or to modify the training data in such a way as to make it difficult for the attacker to extract confidential information.
The paper discusses typical use cases of ML systems in the financial sector, including to enhance operational efficiency, improve service quality, assist in decision making and prediction, and manage risk.
The typical attacks against ML systems in the financial sector are categorised as i) inference of training data and related information, ii) inference of the ML model, iii) generation of a malicious model, iv) inducement of false classification or false inference, and v) denial-of-service.
When determining which approach to take, financial institutions should estimate the economic loss of a successful attack. In particular, they should assess the risks of data leakage and model leakage, and introduce additional security measures wherever the risk is assessed as high, such as when involving information about client assets and transactions.
As a countermeasure against denial-of-service attacks, financial institutions should make use of services such as a CDN (Contents Delivery Network) or a network gateway to control access requests from other networks.
The full paper is available here.