Machine Learning Security Principles

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Ali Abidi

Publishing Product Manager: Ali Abidi

Senior Editor: David Sugarman

Technical Editor: Sweety Pagaria

Copy Editor: Safis Editing

Project Coordinator: Farheen Fathima

Proofreader: Safis Editing

Indexer: Manju Arasan

Production Designer: Ponraj Dhandapani

First published: December 2022

Production reference: 3280923

Published by Packt Publishing Ltd.

Grosvenor House

11 St Paul’s Square

Birmingham

B3 1RB.

ISBN 978-1-80461-885-1

www.packtpub.com

This book is dedicated to Eva Beattie, a friend and faithful beta reader for 25 years. Books are never the result of one person’s efforts, but of the influence of many people working together to help an author produce something wonderful.

Foreword

I first e-met John in the 1990s when we both wrote for the now-defunct magazine Visual Basic Developer. In those days, Sonic the Hedgehog was brand new, CompuServe, AOL, and Prodigy all roamed the earth, everyone programmed by candlelight on computers powered by hamster wheels, and artificial intelligence struggled to recognize the digits 0 through 9 and the words “yes” and “no” when spoken by different people. In the thirtyish years since then, we’ve all been through Y2K (which wasn’t as bad as predicted), a global pandemic (which was worse than predicted), and the Cubs winning the World Series (which no one predicted).

More relevant to this book, AI has become so powerful that it understands speech better than some humans can, produces voices so realistic that future appearances by Darth Vader will be “voiced” by an AI, and generates deepfake videos so lifelike it’s brought Salvador Dalí back to life. Amazon’s algorithms seem to ship products before I order them and I’ve seen chatbots more likely to pass the Turing test than some of my friends.

AI in general and machine learning in particular have become powerful tools for both good and bad. In this book, John explains some of the ways that machine learning can be used to perpetrate and prevent security nightmares, and ways that machine learning can accidentally wreak havoc. He describes data bias (a hiring AI for Amazon penalizing female job applicants as most of their employees are male), badly selected data (IBM’s Watson learning to swear by reading the Urban Dictionary), and intentional sabotage (Twitter turning Microsoft’s chatbot Tay into a racist, misogynistic troll in less than 24 hours). Possibly even more importantly, John covers AI used to commit fraud (one AI faked a CEO’s voice to request a €220,000 funds transfer) and to detect and counter fraud (that’s why my credit card was declined the last time I had an airline connection in Las Vegas).

John covers all of these topics and more – though not these specific examples; I just think they’re interesting and/or amusing!

As I mentioned earlier, I’ve known John for a long time. During those years, I’ve been the technical editor on several of his many books (and he’s tech edited a few of mine), and one thing I’ve learned is that John knows what he’s talking about. He’s been working in AI for years and doesn’t say something unless he’s researched it, tried it out, included example programs demonstrating key techniques, and mentioned links to back up what he says and for you to follow for more information.

Hackers using AI is a relatively new concept, and so far, their success has been somewhat limited, but you can bet that their success will increase over time. One thing that AI in general and machine learning specifically are good at is learning over time. As more AIs bring bad data to the marketplace and hackers fine-tune their attacks, the consequences will become unavoidable and you need to be prepared. In the arms race between AI-empowered hackers and AI-enabled cybersecurity professionals, you can’t afford to be uninformed.

Rod Stephens

—Author and former Microsoft MVP

Contributors

About the author

John Paul Mueller is a seasoned author and technical editor. He has writing in his blood, having produced 123 books and more than 600 articles to date. Topics he has written about range from networking to artificial intelligence and from database management to heads-down programming. Some of his recent books include discussions of data science, machine learning, and algorithms, along with Android programming and functional programming techniques. He also writes about computer languages such as C++, C#, Python, and Kotlin. His technical editing skills have helped more than 70 authors refine the content of their manuscripts. John has provided technical editing services to a variety of magazines and performed various kinds of consulting, and he writes certification exams.

Acknowledgements

Thanks to my wife, Rebecca. Even though she is gone now, her spirit is in every book I write and in every word that appears on the page. She believed in me when no one else would.

Matt Wagner, my agent, deserves credit for helping me get the contract in the first place and taking care of all the details that most authors don’t really consider. I always appreciate his assistance. It’s good to know that someone wants to help.

A number of people read all or part of this book to help me refine the approach, test the coding examples, and generally provide input that all readers wish they could have. These unpaid volunteers helped in ways too numerous to mention here. I especially appreciate the efforts of Eva Beattie, who provided general input, read the entire book, and selflessly devoted herself to this project. Claudia Smith provided me with some significant insights into the accessibility and behavioral aspects of the book. Luca Massaron helped me with the design and orientation of some of the coding examples. Quite a few people also provided me with resource materials, and this particular book required a lot more research than many of my other books.

I especially appreciated Rod Stephens’s help in maintaining a sense of humor. He also wrote a fantastic foreword, which is much appreciated by me.

The efforts of the technical reviewers are appreciated because they keep mistakes out of the book that would otherwise require reworking later. It can be quite hard to provide tactful and constructive input and I received both. You can see their names in the About the reviewers section.

Finally, I would like to thank David Sugarman, Farheen Fathima, Ali Abidi, and the rest of the editorial and production staff at Packt for their tireless efforts in helping me put this book together.

About the reviewers

Luca Massaron joined Kaggle over 10 years ago and is now a Kaggle Grandmaster in discussions and a Kaggle Master in competitions and notebooks. In Kaggle competitions, he reached number 7 in the worldwide rankings. On the professional side, Luca is a data scientist with more than a decade of experience in transforming data into smarter artifacts, solving real-world problems, and generating value for businesses and stakeholders. He is a Google Developer Expert (GDE) in machine learning and the author of best-selling books on AI, machine learning, and algorithms.

Akshay Kumar Prasad is a data scientist who builds machine learning algorithms on big and fast data platforms in cyber security. He holds a P.G. diploma in data science from the renowned Manipal University and a BTech in biotechnology from Dr. Rajendra Prasad Central Agricultural University. Before switching fully to the data science domain, he also worked in the FMCG manufacturing industry as a quality analyst. He brings extensive experience in data engineering, data analysis, and machine learning roles in manufacturing, as well as the cyber security domain. He also writes about data science on his blog and contributes to open source projects in his free time.

Deepayan Chanda is a seasoned cybersecurity professional, architect, strategist, and advisor, with a strong intent to solve cybersecurity problems for enterprises by creating a balance between security and business goals, driven by 25 years of diverse cybersecurity domain experience. He is an armed forces veteran (Indian Air Force), and has experience working with enterprises such as National Australia Bank, Standard Chartered Bank, Microsoft (Singapore), Cisco Systems, McAfee, and Symantec. He serves as a board advisor and mentor to a few cybersecurity start-ups worldwide and has had the privilege of sharing his broad knowledge with the wider security community by authoring two books on cybersecurity, along with multiple publications over many years.
