Chenwei Tang,Caiyang Yu,Yi Gao,Jianming Chen,Jiaming Yang,Jiuling Lang,Chuan Liu,Ling Zhong,Zhenan He,Jiancheng Lv

DOI: https://doi.org/10.26599/bdma.2021.9020027

2022-01-01

Big Data Mining and Analytics

Abstract:As a high-tech strategic emerging comprehensive industry, the nuclear industry is committed to the research, production, and processing of nuclear fuel, as well as the development and utilization of nuclear energy. Nowadays, the nuclear industry has made remarkable progress in the application fields of nuclear weapons, nuclear power, nuclear medical treatment, radiation processing, and so on. With the development of artificial intelligence and the proposal of "Industry 4.0", more and more artificial intelligence technologies are introduced into the nuclear industry chain to improve production efficiency, reduce operation cost, improve operation safety, and realize risk avoidance. Meanwhile, deep learning, as an important technology of artificial intelligence, has made amazing progress in theoretical and applied research in the nuclear industry, which vigorously promotes the development of informatization, digitization, and intelligence of the nuclear industry. In this paper, we first simply comb and analyze the intelligent demand scenarios in the whole industrial chain of the nuclear industry. Then, we discuss the data types involved in the nuclear industry chain. After that, we investigate the research status of deep learning in the application fields corresponding to different data types in the nuclear industry. Finally, we discuss the limitation and unique challenges of deep learning in the nuclear industry and the future direction of the intelligent nuclear industry.

Yan Chen,Mingyang Sun,Zhongda Chu,Simon Camal,George Kariniotakis,Fei Teng

DOI: https://doi.org/10.1109/tsg.2022.3207517

IF: 10.275

2023-01-01

IEEE Transactions on Smart Grid

Abstract:With the increasing penetration of renewables, the power system is facing unprecedented challenges of low-inertia levels. The inherent ability of the system to defense disturbance and power imbalance through inertia response is degraded, and thus, system operators need to make faster and more efficient scheduling operations. As one of the most promising solutions, machine learning (ML) methods have been investigated and employed to realize effective inertia forecasting with considerable accuracy. Nevertheless, it is yet to understand its vulnerability with the growing threat of cyberattacks. To this end, this paper proposes a methodological framework to explore the vulnerability of ML-based inertia forecasting models, with a special focus on data integrity attacks. In particular, a cost-oriented false data injection attack is proposed, for the first time, with the primary objective to significantly increase the system operation cost while retaining the stealthiness of the attack via minimizing the differences between the pre-perturbed and after-perturbed inertia forecasts. Moreover, we propose four vulnerability assessment metrics for the ML-based inertia forecasting models. Case studies on the GB power system demonstrate the vulnerability and impact of the ML-based inertia forecasting models, as well as the stealthiness and transferability of the proposed cost-oriented data integrity attacks.

Dane Morgan,Ghanshyam Pilania,Adrien Couet,Blas P. Uberuaga,Cheng Sun,Ju Li

DOI: https://doi.org/10.48550/arXiv.2211.09239

2022-11-16

Materials Science

Abstract:Nuclear materials are often demanded to function for extended time in extreme environments, including high radiation fluxes and transmutation, high temperature and temperature gradients, stresses, and corrosive coolants. They also have a wide range of microstructural and chemical makeup, with multifaceted and often out-of-equilibrium interactions. Machine learning (ML) is increasingly being used to tackle these complex time-dependent interactions and aid researchers in developing models and making predictions, sometimes with better accuracy than traditional modeling that focuses on one or two parameters at a time. Conventional practices of acquiring new experimental data in nuclear materials research are often slow and expensive, limiting the opportunity for data-centric ML, but new methods are changing that paradigm. Here we review high-throughput computational and experimental data approaches, especially robotic experimentation and active learning that based on Gaussian process and Bayesian optimization. We show ML examples in structural materials ( e.g., reactor pressure vessel (RPV) alloys and radiation detecting scintillating materials) and highlight new techniques of high-throughput sample preparation and characterizations, and automated radiation/environmental exposures and real-time online diagnostics. This review suggests that ML models of material constitutive relations in plasticity, damage, and even electronic and optical responses to radiation are likely to become powerful tools as they develop. Finally, we speculate on how the recent trends in artificial intelligence (AI) and machine learning will soon make the utilization of ML techniques as commonplace as the spreadsheet curve-fitting practices of today.

Ivan Evtimov,Weidong Cui,Ece Kamar,Emre Kiciman,Tadayoshi Kohno,Jerry Li

DOI: https://doi.org/10.48550/arXiv.2007.07205

2020-07-13

Cryptography and Security

Abstract:Machine learning (ML) models deployed in many safety- and business-critical systems are vulnerable to exploitation through adversarial examples. A large body of academic research has thoroughly explored the causes of these blind spots, developed sophisticated algorithms for finding them, and proposed a few promising defenses. A vast majority of these works, however, study standalone neural network models. In this work, we build on our experience evaluating the security of a machine learning software product deployed on a large scale to broaden the conversation to include a systems security view of these vulnerabilities. We describe novel challenges to implementing systems security best practices in software with ML components. In addition, we propose a list of short-term mitigation suggestions that practitioners deploying machine learning modules can use to secure their systems. Finally, we outline directions for new research into machine learning attacks and defenses that can serve to advance the state of ML systems security.

Kevin Lange,Federico Fontana,Francesco Rossi,Mattia Varile,Giovanni Apruzzese

2024-05-30

Abstract:Modern spacecraft are increasingly relying on machine learning (ML). However, physical equipment in space is subject to various natural hazards, such as radiation, which may inhibit the correct operation of computing devices. Despite plenty of evidence showing the damage that naturally-induced faults can cause to ML-related hardware, we observe that the effects of radiation on ML models for space applications are not well-studied. This is a problem: without understanding how ML models are affected by these natural phenomena, it is uncertain "where to start from" to develop radiation-tolerant ML software. As ML researchers, we attempt to tackle this dilemma. By partnering up with space-industry practitioners specialized in ML, we perform a reflective analysis of the state of the art. We provide factual evidence that prior work did not thoroughly examine the impact of natural hazards on ML models meant for spacecraft. Then, through a "negative result", we show that some existing open-source technologies can hardly be used by researchers to study the effects of radiation for some applications of ML in satellites. As a constructive step forward, we perform simple experiments showcasing how to leverage current frameworks to assess the robustness of practical ML models for cloud detection against radiation-induced faults. Our evaluation reveals that not all faults are as devastating as claimed by some prior work. By publicly releasing our resources, we provide a foothold -- usable by researchers without access to spacecraft -- for spearheading development of space-tolerant ML models.

Machine Learning

Yize Chen,Yushi Tan,Deepjyoti Deka

DOI: https://doi.org/10.48550/arXiv.1808.08197

2018-08-27

Abstract:Recent advances in Machine Learning(ML) have led to its broad adoption in a series of power system applications, ranging from meter data analytics, renewable/load/price forecasting to grid security assessment. Although these data-driven methods yield state-of-the-art performances in many tasks, the robustness and security of applying such algorithms in modern power grids have not been discussed. In this paper, we attempt to address the issues regarding the security of ML applications in power systems. We first show that most of the current ML algorithms proposed in power systems are vulnerable to adversarial examples, which are maliciously crafted input data. We then adopt and extend a simple yet efficient algorithm for finding subtle perturbations, which could be used for generating adversaries for both categorical(e.g., user load profile classification) and sequential applications(e.g., renewables generation forecasting). Case studies on classification of power quality disturbances and forecast of building loads demonstrate the vulnerabilities of current ML algorithms in power networks under our adversarial designs. These vulnerabilities call for design of robust and secure ML algorithms for real world applications.

Systems and Control

Avik Mukherjee,Moritz Glatt,Waleed Mustafa,Marius Kloft,Jan C Aurich

DOI: https://doi.org/10.1016/j.procir.2022.10.054

Procedia CIRP

Abstract:The COVID-19 pandemic and crises like the Ukraine-Russia war have led to numerous restrictions for industrial manufacturing due to interrupted supply chains, staff absences due to illness or quarantine measures, and order situations that changed significantly at short notice. These influences have exposed that it is crucial to address the issue of manufacturing resilience in the context of current disruptions. This can be plausibly guaranteed by subjecting the ML model of a manufacturing system to attacks deliberately designed to fool its prediction. Such attacks can provide useful insights into properties that can increase resilience of manufacturing systems.

Ram Shankar Siva Kumar,Magnus Nyström,John Lambert,Andrew Marshall,Mario Goertzel,Andi Comissoneru,Matt Swann,Sharon Xia

DOI: https://doi.org/10.48550/arXiv.2002.05646

2021-03-20

Abstract:Based on interviews with 28 organizations, we found that industry practitioners are not equipped with tactical and strategic tools to protect, detect and respond to attacks on their Machine Learning (ML) systems. We leverage the insights from the interviews and we enumerate the gaps in perspective in securing machine learning systems when viewed in the context of traditional software security development. We write this paper from the perspective of two personas: developers/ML engineers and security incident responders who are tasked with securing ML systems as they are designed, developed and deployed ML systems. The goal of this paper is to engage researchers to revise and amend the Security Development Lifecycle for industrial-grade software in the adversarial ML era.

Computers and Society,Cryptography and Security,Machine Learning

Atul Kumar,Sameep Mehta

DOI: https://doi.org/10.48550/arXiv.1707.03184

2017-07-11

Abstract:Machine learning based system are increasingly being used for sensitive tasks such as security surveillance, guiding autonomous vehicle, taking investment decisions, detecting and blocking network intrusion and malware etc. However, recent research has shown that machine learning models are venerable to attacks by adversaries at all phases of machine learning (eg, training data collection, training, operation). All model classes of machine learning systems can be misled by providing carefully crafted inputs making them wrongly classify inputs. Maliciously created input samples can affect the learning process of a ML system by either slowing down the learning process, or affecting the performance of the learned mode, or causing the system make error(s) only in attacker's planned scenario. Because of these developments, understanding security of machine learning algorithms and systems is emerging as an important research area among computer security and machine learning researchers and practitioners. We present a survey of this emerging area in machine learning.

Artificial Intelligence,Cryptography and Security,Machine Learning

Muhammad Shafique,Mahum Naseer,Theocharis Theocharides,Christos Kyrkou,Onur Mutlu,Lois Orosa,Jungwook Choi

DOI: https://doi.org/10.48550/arXiv.2101.02559

2021-01-04

Cryptography and Security

Abstract:Machine Learning (ML) techniques have been rapidly adopted by smart Cyber-Physical Systems (CPS) and Internet-of-Things (IoT) due to their powerful decision-making capabilities. However, they are vulnerable to various security and reliability threats, at both hardware and software levels, that compromise their accuracy. These threats get aggravated in emerging edge ML devices that have stringent constraints in terms of resources (e.g., compute, memory, power/energy), and that therefore cannot employ costly security and reliability measures. Security, reliability, and vulnerability mitigation techniques span from network security measures to hardware protection, with an increased interest towards formal verification of trained ML models. This paper summarizes the prominent vulnerabilities of modern ML systems, highlights successful defenses and mitigation techniques against these vulnerabilities, both at the cloud (i.e., during the ML training phase) and edge (i.e., during the ML inference stage), discusses the implications of a resource-constrained design on the reliability and security of the system, identifies verification methodologies to ensure correct system behavior, and describes open research challenges for building secure and reliable ML systems at both the edge and the cloud.

Giovanni Apruzzese,Pavel Laskov,Edgardo Montes de Oca,Wissam Mallouli,Luis Brdalo Rapa,Athanasios Vasileios Grammatopoulos,Fabio Di Franco

DOI: https://doi.org/10.1145/3545574

2023-03-07

Digital Threats: Research and Practice

Abstract:Machine Learning (ML) represents a pivotal technology for current and future information systems, and many domains already leverage the capabilities of ML. However, deployment of ML in cybersecurity is still at an early stage, revealing a significant discrepancy between research and practice. Such a discrepancy has its root cause in the current state of the art, which does not allow us to identify the role of ML in cybersecurity. The full potential of ML will never be unleashed unless its pros and cons are understood by a broad audience. This article is the first attempt to provide a holistic understanding of the role of ML in the entire cybersecurity domain—to any potential reader with an interest in this topic. We highlight the advantages of ML with respect to human-driven detection methods, as well as the additional tasks that can be addressed by ML in cybersecurity. Moreover, we elucidate various intrinsic problems affecting real ML deployments in cybersecurity. Finally, we present how various stakeholders can contribute to future developments of ML in cybersecurity, which is essential for further progress in this field. Our contributions are complemented with two real case studies describing industrial applications of ML as defense against cyber-threats.

Nicolas Papernot,Patrick McDaniel,Arunesh Sinha,Michael Wellman

DOI: https://doi.org/10.48550/arXiv.1611.03814

2016-11-11

Cryptography and Security

Abstract:Advances in machine learning (ML) in recent years have enabled a dizzying array of applications such as data analytics, autonomous systems, and security diagnostics. ML is now pervasive---new systems and models are being deployed in every domain imaginable, leading to rapid and widespread deployment of software based inference and decision making. There is growing recognition that ML exposes new vulnerabilities in software systems, yet the technical community's understanding of the nature and extent of these vulnerabilities remains limited. We systematize recent findings on ML security and privacy, focusing on attacks identified on these systems and defenses crafted to date. We articulate a comprehensive threat model for ML, and categorize attacks and defenses within an adversarial framework. Key insights resulting from works both in the ML and security communities are identified and the effectiveness of approaches are related to structural elements of ML algorithms and the data used to train them. We conclude by formally exploring the opposing relationship between model accuracy and resilience to adversarial manipulation. Through these explorations, we show that there are (possibly unavoidable) tensions between model complexity, accuracy, and resilience that must be calibrated for the environments in which they will be used.

Zakaria Faddi,Karen da Mata,Priscila Silva,Vidhyashree Nagaraju,Susmita Ghosh,Gokhan Kul,Lance Fiondella

DOI: https://doi.org/10.1111/risa.14666

2024-07-23

Abstract:Advances in machine learning (ML) have led to applications in safety-critical domains, including security, defense, and healthcare. These ML models are confronted with dynamically changing and actively hostile conditions characteristic of real-world applications, requiring systems incorporating ML to be reliable and resilient. Many studies propose techniques to improve the robustness of ML algorithms. However, fewer consider quantitative techniques to assess changes in the reliability and resilience of these systems over time. To address this gap, this study demonstrates how to collect relevant data during the training and testing of ML suitable for the application of software reliability, with and without covariates, and resilience models and the subsequent interpretation of these analyses. The proposed approach promotes quantitative risk assessment of ML technologies, providing the ability to track and predict degradation and improvement in the ML model performance and assisting ML and system engineers with an objective approach to compare the relative effectiveness of alternative training and testing methods. The approach is illustrated in the context of an image recognition model, which is subjected to two generative adversarial attacks and then iteratively retrained to improve the system's performance. Our results indicate that software reliability models incorporating covariates characterized the misclassification discovery process more accurately than models without covariates. Moreover, the resilience model based on multiple linear regression incorporating interactions between covariates tracks and predicts degradation and recovery of performance best. Thus, software reliability and resilience models offer rigorous quantitative assurance methods for ML-enabled systems and processes.

Mst Shapna Akter,Hossain Shahriar,Iysa Iqbal,MD Hossain,M.A. Karim,Victor Clincy,Razvan Voicu

2023-05-31

Abstract:The burgeoning fields of machine learning (ML) and quantum machine learning (QML) have shown remarkable potential in tackling complex problems across various domains. However, their susceptibility to adversarial attacks raises concerns when deploying these systems in security sensitive applications. In this study, we present a comparative analysis of the vulnerability of ML and QML models, specifically conventional neural networks (NN) and quantum neural networks (QNN), to adversarial attacks using a malware dataset. We utilize a software supply chain attack dataset known as ClaMP and develop two distinct models for QNN and NN, employing Pennylane for quantum implementations and TensorFlow and Keras for traditional implementations. Our methodology involves crafting adversarial samples by introducing random noise to a small portion of the dataset and evaluating the impact on the models performance using accuracy, precision, recall, and F1 score metrics. Based on our observations, both ML and QML models exhibit vulnerability to adversarial attacks. While the QNNs accuracy decreases more significantly compared to the NN after the attack, it demonstrates better performance in terms of precision and recall, indicating higher resilience in detecting true positives under adversarial conditions. We also find that adversarial samples crafted for one model type can impair the performance of the other, highlighting the need for robust defense mechanisms. Our study serves as a foundation for future research focused on enhancing the security and resilience of ML and QML models, particularly QNN, given its recent advancements. A more extensive range of experiments will be conducted to better understand the performance and robustness of both models in the face of adversarial attacks.

Machine Learning,Quantum Physics

Abhishek Chaudhary,Junseo Han,Seongah Kim,Aram Kim,Sunoh Choi

DOI: https://doi.org/10.3390/electronics13224428

IF: 2.9

2024-11-13

Electronics

Abstract:Industries are increasingly adopting digital systems to improve control and accessibility by providing real-time monitoring and early alerts for potential issues. While digital transformation fuels exponential growth, it exposes these industries to cyberattacks. For critical sectors such as nuclear power plants, a cyberattack not only risks damaging the facility but also endangers human lives. In today's digital world, enormous amounts of data are generated, and the analysis of these data can help ensure effectiveness, including security. In this study, we analyzed the data using a deep learning model for early detection of abnormal behavior. We first examined the Asherah Nuclear Power Plant simulator by initiating three different cyberattacks, each targeting a different system, thereby collecting and analyzing data from the simulator. Second, a Bi-LSTM model was used to detect anomalies in the simulator, which detected it before the plant's protection system was activated in response to a threat. Finally, we applied explainable AI (XAI) to acquire insight into how distinctive features contribute to the detection of anomalies. XAI provides valuable explanations of model behavior by revealing how specific features influence anomaly detection during attacks. This research proposes an effective anomaly detection technique and interpretability to better understand counter-cyber threats in critical industries, such as nuclear plants.

engineering, electrical & electronic,computer science, information systems,physics, applied

Likai Yao,Qinxuan Shi,Zhanglong Yang,Sicong Shao,Salim Hariri

2024-09-27

Abstract:Deploying machine learning (ML) in dynamic data-driven applications systems (DDDAS) can improve the security of industrial control systems (ICS). However, ML-based DDDAS are vulnerable to adversarial attacks because adversaries can alter the input data slightly so that the ML models predict a different result. In this paper, our goal is to build a resilient edge machine learning (reML) architecture that is designed to withstand adversarial attacks by performing Data Air Gap Transformation (DAGT) to anonymize data feature spaces using deep neural networks and randomize the ML models used for predictions. The reML is based on the Resilient DDDAS paradigm, Moving Target Defense (MTD) theory, and TinyML and is applied to combat adversarial attacks on ICS. Furthermore, the proposed approach is power-efficient and privacy-preserving and, therefore, can be deployed on power-constrained devices to enhance ICS security. This approach enables resilient ML inference at the edge by shifting the computation from the computing-intensive platforms to the resource-constrained edge devices. The incorporation of TinyML with TensorFlow Lite ensures efficient resource utilization and, consequently, makes reML suitable for deployment in various industrial control environments. Furthermore, the dynamic nature of reML, facilitated by the resilient DDDAS development environment, allows for continuous adaptation and improvement in response to emerging threats. Lastly, we evaluate our approach on an ICS dataset and demonstrate that reML provides a viable and effective solution for resilient ML inference at the edge devices.

Cryptography and Security,Machine Learning

Mario Gomez-Fernandez,Kathryn Higley,Akira Tokuhiro,Kent Welter,Weng-Keen Wong,Haori Yang

DOI: https://doi.org/10.1016/j.nucengdes.2019.110479

IF: 1.7

2020-04-01

Nuclear Engineering and Design

Abstract:Nuclear technology industries have increased their interest in using data-driven methods to improve safety, reliability, and availability of assets. To do so, it is important to understand the fundamentals between the disciplines to effectively develop and deploy such systems. This survey presents an overview of the fundamentals of artificial intelligence and the state of development of learning-based methods in nuclear science and engineering to identify the risks and opportunities of applying such methods to nuclear applications. This paper focuses on applications related to three key subareas related to safety and decision-making. These are reactor health and monitoring, radiation detection, and optimization. The principles of learning-based methods in these applications are explained and recent studies are explored. Furthermore, as these methods have become more practical during the past decade, it is foreseen that the popularity of learning-based methods in nuclear science and technology will increase; consequently, understanding the benefits and barriers of implementing such methodologies can help create better research plans, and identify project risks and opportunities.

nuclear science & technology

Alexander Lavin,Ciarán M. Gilligan-Lee,Alessya Visnjic,Siddha Ganju,Dava Newman,Atılım Güneş Baydin,Sujoy Ganguly,Danny Lange,Amit Sharma,Stephan Zheng,Eric P. Xing,Adam Gibson,James Parr,Chris Mattmann,Yarin Gal

DOI: https://doi.org/10.1038/s41467-022-33128-9

2021-11-30

Abstract:The development and deployment of machine learning (ML) systems can be executed easily with modern tools, but the process is typically rushed and means-to-an-end. The lack of diligence can lead to technical debt, scope creep and misaligned objectives, model misuse and failures, and expensive consequences. Engineering systems, on the other hand, follow well-defined processes and testing standards to streamline development for high-quality, reliable results. The extreme is spacecraft systems, where mission critical measures and robustness are ingrained in the development process. Drawing on experience in both spacecraft engineering and ML (from research through product across domain areas), we have developed a proven systems engineering approach for machine learning development and deployment. Our "Machine Learning Technology Readiness Levels" (MLTRL) framework defines a principled process to ensure robust, reliable, and responsible systems while being streamlined for ML workflows, including key distinctions from traditional software engineering. Even more, MLTRL defines a lingua franca for people across teams and organizations to work collaboratively on artificial intelligence and machine learning technologies. Here we describe the framework and elucidate it with several real world use-cases of developing ML methods from basic research through productization and deployment, in areas such as medical diagnostics, consumer computer vision, satellite imagery, and particle physics.

Machine Learning,Artificial Intelligence,Software Engineering

Muhammad Zubair,Yumna Akram

DOI: https://doi.org/10.1016/j.anucene.2024.110448

IF: 1.9

2024-02-27

Annals of Nuclear Energy

Abstract:The increasing interest in artificial intelligence and automation within the nuclear industry stems from the hope of elevating the safety and reliability of nuclear power plants by minimizing the impact of human errors. This paper explores the capabilities of machine-learning based fault detection and diagnosis (FDD) models in accurately classifying transient events in a nuclear power plant using the Classification Learners Application from MATLAB. The scope of the research is narrowed to the identification of transient events of the same nature occurring at various locations within the plant. To accomplish this, the Generic Pressurized Water Reactor (GPWR) from the Western Services Cooperation (WSC) was used to simulate 14 transients in the primary system and 10 transients in the secondary system, resulting in two distinct datasets of 108,000 and 79,200 observations. Nine types of classifiers, including Decision Trees, Discriminant Analysis, Support Vector Machines, Logistic Regression, Nearest Neighbors, Naive Bayes, Kernel Approximation, Ensembles, and Neural Networks, with a total of 33 predefined models, were trained and validated. The K-Nearest Neighbors model achieved the highest accuracy of 97% in the primary system, while the Efficient Linear Discriminant and Logistic Regression models achieved the highest average accuracy of 99% in the secondary system. The assessment of the top-performing models was conducted through a comprehensive analysis employing key classification model evaluation metrics, such as the confusion matrix, accuracy, precision, recall, and the F1 score. In an effort to optimize the models, the study integrated feature selection using the minimum Redundancy Maximum Relevance (mRMR) algorithm. Additionally, the investigation explored different validation schemes, including both holdout and k-fold cross-validation schemes, resulting in a substantial reduction in training time without significantly compromising the overall accuracy of the models. The optimized models in this study demonstrated remarkable prediction accuracies, consistently exceeding 94%. Despite the complexity of the models and the intricacies involved in the training process, the training times ranged from 10 to 1800 s, reflecting the efficiency and robustness of the implemented optimization techniques. The results of this study underscore the potential of machine learning models in identifying transient events in nuclear reactors, showcasing their promising capabilities while maintaining low computational and execution costs. This suggests their efficacy in optimizing safe and efficient operational practices within nuclear facilities.

nuclear science & technology

Kevin Eykholt,Farhan Ahmed,Pratik Vaishnavi,Amir Rahmati

2024-10-16

Abstract:The vulnerability of machine learning models in adversarial scenarios has garnered significant interest in the academic community over the past decade, resulting in a myriad of attacks and defenses. However, while the community appears to be overtly successful in devising new attacks across new contexts, the development of defenses has stalled. After a decade of research, we appear no closer to securing AI applications beyond additional training. Despite a lack of effective mitigations, AI development and its incorporation into existing systems charge full speed ahead with the rise of generative AI and large language models. Will our ineffectiveness in developing solutions to adversarial threats further extend to these new technologies? In this paper, we argue that overly permissive attack and overly restrictive defensive threat models have hampered defense development in the ML domain. Through the lens of adversarial evasion attacks against neural networks, we critically examine common attack assumptions, such as the ability to bypass any defense not explicitly built into the model. We argue that these flawed assumptions, seen as reasonable by the community based on paper acceptance, have encouraged the development of adversarial attacks that map poorly to real-world scenarios. In turn, new defenses evaluated against these very attacks are inadvertently required to be almost perfect and incorporated as part of the model. But do they need to? In practice, machine learning models are deployed as a small component of a larger system. We analyze adversarial machine learning from a system security perspective rather than an AI perspective and its implications for emerging AI paradigms.

Machine Learning,Cryptography and Security