https://ebookmass.com/product/cybersecurity-in-intelligentnetworking-systems-1st-edition-shengjie-xu/
Instant digital products (PDF, ePub, MOBI) ready for you
Download now and discover formats that fit your needs...
The AI Revolution in Networking, Cybersecurity, and Emerging Technologies Omar Santos
https://ebookmass.com/product/the-ai-revolution-in-networkingcybersecurity-and-emerging-technologies-omar-santos/
ebookmass.com
Demystifying Intelligent Multimode Security Systems: An Edge-to-Cloud Cybersecurity Solutions Guide Jody Booth
https://ebookmass.com/product/demystifying-intelligent-multimodesecurity-systems-an-edge-to-cloud-cybersecurity-solutions-guide-jodybooth/
ebookmass.com
Intelligent Systems and Learning Data Analytics in Online Education: A volume in Intelligent Data-Centric Systems Santi Caballé
https://ebookmass.com/product/intelligent-systems-and-learning-dataanalytics-in-online-education-a-volume-in-intelligent-data-centricsystems-santi-caballe/ ebookmass.com
Designing Control Loops for Linear and Switching Power Supplies: A Tutorial Guide – Ebook PDF Version
https://ebookmass.com/product/designing-control-loops-for-linear-andswitching-power-supplies-a-tutorial-guide-ebook-pdf-version/
ebookmass.com
Wide Bandgap Semiconductor Power Devices_ Materials, Physics, Design, and Applications B. Jayant Baliga
https://ebookmass.com/product/wide-bandgap-semiconductor-powerdevices_-materials-physics-design-and-applications-b-jayant-baliga/
ebookmass.com
CybersecurityinIntelligentNetworking Systems
ShengjieXu SanDiegoStateUniversity,USA
YiQian UniversityofNebraska-Lincoln,USA
RoseQingyangHu UtahStateUniversity,USA
Thiseditionfirstpublished2023 ©2023JohnWiley&SonsLtd
Allrightsreserved.Nopartofthispublicationmaybereproduced,storedinaretrievalsystem,or transmitted,inanyformorbyanymeans,electronic,mechanical,photocopying,recordingor otherwise,exceptaspermittedbylaw.Adviceonhowtoobtainpermissiontoreusematerialfromthis titleisavailableathttp://www.wiley.com/go/permissions.
TherightofShengjieXu,YiQian,andRoseQingyangHutobeidentifiedastheauthorsofthiswork hasbeenassertedinaccordancewithlaw.
RegisteredOffices
JohnWiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030,USA
JohnWiley&SonsLtd,TheAtrium,SouthernGate,Chichester,WestSussex,PO198SQ,UK
Fordetailsofourglobaleditorialoffices,customerservices,andmoreinformationaboutWiley productsvisitusatwww.wiley.com.
Wileyalsopublishesitsbooksinavarietyofelectronicformatsandbyprint-on-demand.Some contentthatappearsinstandardprintversionsofthisbookmaynotbeavailableinotherformats.
Trademarks:WileyandtheWileylogoaretrademarksorregisteredtrademarksofJohnWiley&Sons, Inc.and/oritsaffiliatesintheUnitedStatesandothercountriesandmaynotbeusedwithoutwritten permission.Allothertrademarksarethepropertyoftheirrespectiveowners.JohnWiley&Sons,Inc. isnotassociatedwithanyproductorvendormentionedinthisbook.
LimitofLiability/DisclaimerofWarranty
Whilethepublisherandauthorshaveusedtheirbesteffortsinpreparingthiswork,theymakeno representationsorwarrantieswithrespecttotheaccuracyorcompletenessofthecontentsofthis workandspecificallydisclaimallwarranties,includingwithoutlimitationanyimpliedwarrantiesof merchantabilityorfitnessforaparticularpurpose.Nowarrantymaybecreatedorextendedbysales representatives,writtensalesmaterialsorpromotionalstatementsforthiswork.Thefactthatan organization,website,orproductisreferredtointhisworkasacitationand/orpotentialsourceof furtherinformationdoesnotmeanthatthepublisherandauthorsendorsetheinformationorservices theorganization,website,orproductmayprovideorrecommendationsitmaymake.Thisworkissold withtheunderstandingthatthepublisherisnotengagedinrenderingprofessionalservices.The adviceandstrategiescontainedhereinmaynotbesuitableforyoursituation.Youshouldconsultwith aspecialistwhereappropriate.Further,readersshouldbeawarethatwebsiteslistedinthisworkmay havechangedordisappearedbetweenwhenthisworkwaswrittenandwhenitisread.Neitherthe publishernorauthorsshallbeliableforanylossofprofitoranyothercommercialdamages,including butnotlimitedtospecial,incidental,consequential,orotherdamages.
LibraryofCongressCataloging-in-PublicationData
Names:Xu,Shengjie(Professor),author.|Qian,Yi,1962-author.|Hu, RoseQingyang,author.
Title:Cybersecurityinintelligentnetworkingsystems/ShengjieXu,Yi Qian,RoseQingyangHu.
Description:Chichester,WestSussex,UK:Wiley,[2023]|Includes bibliographicalreferencesandindex.
Identifiers:LCCN2022033498(print)|LCCN2022033499(ebook)|ISBN 9781119783916(hardback)|ISBN9781119784104(adobepdf)|ISBN 9781119784128(epub)
Subjects:LCSH:Computernetworks–Securitymeasures.
Classification:LCCTK5105.59.X872023(print)|LCCTK5105.59(ebook)| DDC005.8–dc23/eng/20220826
LCrecordavailableathttps://lccn.loc.gov/2022033498
LCebookrecordavailableathttps://lccn.loc.gov/2022033499
CoverDesign:Wiley
CoverImage:©jijomathaidesigners/Shutterstock
Setin9.5/12.5ptSTIXTwoTextbyStraive,Chennai,India
Contents
AbouttheAuthors xi
Preface xii
Acknowledgments xiv Acronyms xv
1CybersecurityintheEraofArtificialIntelligence 1
1.1ArtificialIntelligenceforCybersecurity 2
1.1.1ArtificialIntelligence 2
1.1.2MachineLearning 3
1.1.2.1SupervisedLearning 3
1.1.2.2UnsupervisedLearning 3
1.1.2.3Semi-supervisedLearning 4
1.1.2.4ReinforcementLearning 4
1.1.3Data-DrivenWorkflowforCybersecurity 4
1.2KeyAreasandChallenges 5
1.2.1AnomalyDetection 5
1.2.2TrustworthyArtificialIntelligence 6
1.2.3PrivacyPreservation 7
1.3ToolboxtoBuildSecureandIntelligentSystems 8
1.3.1MachineLearningandDeepLearning 8
1.3.1.1NumPy 8
1.3.1.2SciPy 8
1.3.1.3Scikit-learn 8
1.3.1.4PyTorch 8
1.3.1.5TensorFlow 9
1.3.2Privacy-PreservingMachineLearning 9
1.3.2.1Syft 9
1.3.2.2TensorFlowFederated 9
1.3.2.3TensorFlowPrivacy 9
3.2.2Reliability 35
3.2.3Survivability 36
3.3SecureEdgeIntelligence 36
3.3.1BackgroundandMotivation 37
3.3.2DesignofDetectionModule 38
3.3.2.1DataPre-processing 38
3.3.2.2ModelLearning 38
3.3.2.3ModelUpdating 39
3.3.3ChallengesAgainstPoisoningAttacks 40
3.4Summary 40 References 40
4EdgeIntelligenceforIntrusionDetection 45
4.1EdgeCyberinfrastructure 45
4.2EdgeAIEngine 46
4.2.1FeatureEngineering 47
4.2.2ModelLearning 48
4.2.3ModelUpdate 48
4.2.4PredictiveAnalytics 49
4.3ThreatIntelligence 49
4.4PreliminaryStudy 49
4.4.1Dataset 49
4.4.2EnvironmentalSetup 50
4.4.3PerformanceEvaluation 51
4.4.3.1ComputationalEfficiency 51
4.4.3.2PredictionAccuracy 52
4.5Summary 53 References 53
5RobustIntrusionDetection 55
5.1Preliminaries 55
5.1.1MedianAbsoluteDeviation 55
5.1.2MahalanobisDistance 55
5.2RobustIntrusionDetection 56
5.2.1ProblemFormulation 56
5.2.2Step1:RobustDataPre-processing 57
5.2.3Step2:BaggingforLabeledAnomalies 58
5.2.4Step3:One-classSVMforUnlabeledSamples 58
5.2.4.1One-classClassification 59
5.2.4.2AlgorithmofOptimalSamplingRatioSection 60
5.2.5Step4:TheFinalClassifier 61
5.3ExperimentalandEvaluation 63
5.3.1ExperimentSetup 63
5.3.1.1Datasets 63
5.3.1.2EnvironmentalSetup 64
5.3.1.3EvaluationMetrics 64
5.3.2PerformanceEvaluation 64
5.3.2.1Step1 64
5.3.2.2Step2 65
5.3.2.3Step3 65
5.3.2.4Step4 71
5.4Summary 72 References 72
6EfficientPre-processingSchemeforAnomaly Detection 75
6.1EfficientAnomalyDetection 75
6.1.1RelatedWork 76
6.1.2PrincipalComponentAnalysis 77
6.2ProposedPre-processingSchemeforAnomalyDetection 78
6.2.1RobustPre-processingScheme 79
6.2.2Real-TimeProcessing 80
6.2.3Discussion 82
6.3CaseStudy 83
6.3.1DescriptionoftheRawData 83
6.3.1.1Dimension 83
6.3.1.2Predictors 83
6.3.1.3ResponseVariables 84
6.3.2Experiment 84
6.3.3Results 86
6.4Summary 87 References 87
7PrivacyPreservationintheEraofBigData 91
7.1PrivacyPreservationApproaches 91
7.1.1Anonymization 91
7.1.2DifferentialPrivacy 92
7.1.3FederatedLearning 93
7.1.4HomomorphicEncryption 94
7.1.5SecureMulti-partyComputation 95
7.1.6Discussion 96
x Contents
8.4.2ResearchIdea 120
8.5CaseStudy:ProtectingSmartSpeakersfromAdversarialVoice Commands 122
8.5.1Background 122
8.5.2Challenges 122
8.5.3DirectionsandTasks 123
8.6Summary 124 References 124
Index 127
AbouttheAuthors
ShengjieXu,PhD,isanassistantprofessorintheManagementInformationSystemsDepartmentatSanDiegoStateUniversity,USA.HeisarecipientoftheIETJournalsPremiumAwardforBestPaperin2020,theMiltonE. MohrGraduateFellowshipAwardfromtheUniversityofNebraska–Lincoln in2017,andtheBestPosterAwardfromtheInternationalConferenceon DesignofReliableCommunicationNetworksin2015.HeservesasaTechnicalEditorfor IEEEWirelessCommunications Magazine.Heholdsmultiple professionalcertificationsincybersecurityandcomputernetworking.
YiQian,PhD,isaprofessorintheDepartmentofElectricalandComputer EngineeringattheUniversityofNebraska–Lincoln,USA.Heisarecipient oftheHenryY.KleinkaufFamilyDistinguishedNewFacultyTeaching Awardin2011,theHollingFamilyDistinguishedTeachingAwardin2012, theHollingFamilyDistinguishedTeaching/Advising/MentoringAward in2018,andtheHollingFamilyDistinguishedTeachingAwardforInnovativeUseofInstructionalTechnologyin2018,allfromtheUniversityof Nebraska–Lincoln,USA.
RoseQingyangHu,PhD,isaprofessorintheDepartmentofElectricaland ComputerEngineeringandAssociateDeanofResearchintheCollegeof EngineeringatUtahStateUniversity,USA.Sheisarecipientofoutstanding facultyresearcheroftheyearin2014and2016andoutstandinggraduate mentoroftheyearin2022,allfromUtahStateUniversity,USA.Sheisa FellowofIEEE,IEEEComSocDistinguishedLecturer2015–2018,IEEEVTS DistinguishedLecturer2020–2022.
Chapter2dealswithcyberthreatsanddefensemechanisms.Thechapter firstillustratesmultipleeffectivegatewaydefensemethodsagainstcyber threats.Itthenpresentsaresearchstudythatinnovatesreinforcement learningforpenetrationtest.
Chapter3dealswithedgecomputing.Edgecomputingispresentedto highlightitskeyadvancesanduniquecapabilitiesincommunicationnetworks.Thechapterthenillustratestheconceptofsecureedgeintelligence.
Chapter4dealswithedgeintelligenceforintrusiondetection.Thesystematicdesignofedgeintelligenceisfirstpresented.Threemainmodules inedgeintelligenceareillustrated.Thechapterthendemonstratesacase studyincludingexperimentandevaluation.
Chapter5dealswitharobustintrusiondetectionscheme.Thepreliminariesofrobuststatisticsarefirstintroduced.Thechapterthenpresentsthe detailsoftheproposedscheme.Anexperimentalstudyandevaluationare thendemonstrated.
Chapter6dealswithanefficientprocessingschemeforanomalydetection.Afewrelatedstudiesandbackgroundofprincipalcomponentanalysis arefirstintroduced.Itthenpresentstheproposedefficientpreprocessing schemeforanomalydetection,whoseobjectiveistoachievehighdetectionaccuracywhilelearningfromthepreprocesseddata.Thechapterthen demonstratesacasestudyincludingexperimentandevaluation.
Chapter7dealswithprivacypreservationintheeraofbigdata.Afew modernprivacy-preservingapproachesarefirstillustrated.Itthenpresents aproposedschemethatfocusesondetectinganomalousbehaviorsina privacy-preservingway.Thechapteroffersanexperimentalstudyand evaluation.
Chapter8dealswithadversarialexamplesandadversarialmachinelearning.Theconceptofadversarialexamplesanditschallengesarefirstintroduced.Threeresearchstudiesinadversarialexamplesarethenpresented frombothoffensiveanddefensiveperspectives.
Wehopethatourreaderswillenjoythisbook.
ShengjieXu,SanDiegoStateUniversity YiQian,UniversityofNebraska–Lincoln RoseQingyangHu,UtahStateUniversity
Acknowledgments
First,wewouldliketothankourfamiliesfortheirloveandsupport.
WewouldliketothankourcolleaguesandstudentsatDakotaState University,UniversityofNebraska-Lincoln,UtahStateUniversity,andSan DiegoStateUniversityfortheirsupportandenthusiasminthisbookproject andthistopic.
WeexpressourthankstothestaffatWileyfortheirsupport.Wewouldlike tothankSandraGrayson,JulietBooker,andBeckyCowanfortheirpatience inhandlingpublicationissues.
ThisbookprojectwaspartiallysupportedbytheU.S.NationalScience FoundationundergrantsCNS-1423348,CNS-1423408,EARS-1547312,and EARS-1547330.
Acronyms
ABEattributedbasedencryption
AEadversarialexamples
AESAdvancedEncryptionStandard
AIartificialintelligence
AMLadversarialmachinelearning
APIapplicationprogramminginterface
APTadvancedpersistentthreats
ASRautomaticspeechrecognition
CDNcontentdeliverynetwork
CPScyberphysicalsystem
CPUcentralprocessingunit
CSVcomma-separatedvalues
DBSCANdensity-basedspatialclusteringofapplicationswithnoise
DDOSdistributeddenialofservice
DLdeeplearning
DNNdeepneuralnetwork
DOSdenialofservice
DPdifferentialprivacy
FGSMfastgradientsignmethod
FLfederatedlearning
GANgenerativeadversarialnetworks
GDPRGeneralDataProtectionRegulation
GPUgraphicsprocessingunit
HEhomomorphicencryption
ICTinformationandcommunicationtechnology
IDSintrusiondetectionsystem
IOTInternetofThings
IPInternetProtocol
xvi Acronyms
IQRinterquartilerange
JSONJavaScriptobjectnotation
LANlocalareanetwork
LDAlineardiscriminantanalysis
MADmedianabsolutedeviation
MDMahalanobisdistance
MERmeanerrorrate
MLmachinelearning
NIDSnetworkintrusiondetectionsystem
NISTNationalInstituteofStandardsandTechnology
ODEordinarydifferentialequations
PCprincipalcomponent
PCAprincipalcomponentanalysis
PEportableexecutable
POMDPpartiallyobservableMarkovdecisionprocess
PVEproportionofvarianceexplained
QOEqualityofexperience
RAMrandomaccessmemory
SMPCsecuremulti-partycomputation
TAtrustedauthority
TCPtransmissioncontrolprotocol
TPUtensorprocessingunit
CybersecurityintheEraofArtificialIntelligence
Therapidandsuccessfuladvancesofartificialintelligence(AI)andmachine learning(ML)offersecurityresearchersandpractitionersnewapproaches andplatformstoexploreandinvestigatechallengingissuesemergingin manysafety-criticalsystems.ThoseAI/ML-enabledsolutionshaveboosted theefficiencyandeffectivenessofmultipleimportantsecurityapplications. Forexample,recentadvancesinAIandMLhavebeenwidelyappliedin intrusiondetectionsystem(IDS)(Xuetal.,2017,2019a,b,2020),malware detectionsystem(BradleyandXu,2021;Bradley,2022;AhmedandXu, 2022),andpenetrationtesting(Chaudharyetal.,2020).
However,theriseofAIandMLisoftenconsideredasa“double-edged sword.”WhileAIandMLcanbeadoptedtoidentifythreatsmoreaccurately andpreventcyberattacksmoreefficiently,cybersecurityprofessionalsmust respondtotheincreasinglysophisticatedmotivationsfromadversaries. Modernintelligentnetworkingsystemshavebeenmaliciouslymanipulated,evaded,andmisled,causingsignificantsecurityincidentsinfinancial systems,cyber-physicalsystems,andmanyothercriticaldomains.Threat actorsandadversarialattackershavebeenapplyingtechniquestocarryout adversarialattackstargetingvariousAI/ML-enablednetworkingsystems (BurrandXu,2021;Burr,2022).Forinstance,anadversarycaninject well-designedaudiosignalstoconfusethevoicerecognitionsystemsin smartspeakerstodeliverrandomnoises,orcompromisingtheself-driving vehiclesbycreatingvisualalterationsofthestopsign,leavingtheML modelerroneouslyidentifyastopsignasaspeedlimitsignwith 70 miles perhour(mph)(Yuanetal.,2019).Thoseadversarialattackscouldlead tounauthorizeddisclosureofsensitiveinformation,affectthesafetyand wellnessofusers,andthwartInternetfreedom.Therefore,cybersecurity professionalsmustevolverapidlyastechnologyadvancesandnewcyber threatsemerge.
CybersecurityinIntelligentNetworkingSystems,FirstEdition. ShengjieXu,YiQian,andRoseQingyangHu. ©2023JohnWiley&SonsLtd.Published2023byJohnWiley&SonsLtd.
Table1.1 Exampleofahousepricedataset. (x0 )(x1 )(x2 )(x3 ) … (y )
1.1.2MachineLearning
MLofferscomputerstolearnbyminingmassivedatasets.Here,fourbroad categoriesofMLaredescribed.Theyaresupervisedlearning,unsupervised learning,semi-supervisedlearning,andreinforcementlearning.
1.1.2.1SupervisedLearning
MostoftheMLproblemsfallintosupervisedorunsupervised.Forinstance, thereisahousepricingdataset(Table1.1),inwhicheachrow(observation) representsahouseandeachcolumn(feature)representsanattribute(e.g. numberofbedrooms).Foreachobservation,anassociatedtargetvalueis shown.Here,theobjectiveistobuildamodelthatcapturestherelationshipbetweenthetargetvalue y (price)andtheattributes(x0 , … , x3 )sothat accuratepredictionsforfutureobservationscanbeachieved. Supervisedlearningaddressesthistypeofproblembytrainingthemodel withfeaturesandlabeleddata(y).Asupervisedlearningmodeltakesasetof knowninputdata(features)andknownoutputdata(response/target)and trainsamodeltomakereasonablepredictionsfortheresponsetonewdata. Regressionandclassificationarethemaincategoriesforsupervisedlearning problems.Inregressionproblems,therearemanyclassicalmodelsavailable fortraining,includinglinearregression,ordinalregression,andneuralnetworkregression.Inclassificationproblems,therearealsomanyclassical modelsavailablefortraining,includinglogisticregression,tree-basedmethods,supportvectormachine,randomforest,andboostingmethods.
1.1.2.2UnsupervisedLearning
Unsupervisedlearningtrainsthemodelwithunlabeleddata.Itsgoalis tounveilthepatternsinthedata.Unsupervisedlearningservesasagood
and
solutions
Model design and learning
Figure1.2 Data-drivenworkflowforcybersecurity.
thatnotonlysufficientdataarecollectedbutalsolabelinganddatasampling arecorrectandunbiased.Inthethirdstep,MLandotherstatisticalmodels aredesignedandtrained.Itisimportanttoassurethatthetrainedmodel canbegeneralizedwelltofuturedataandevenunseendata.Inthefourth step,performanceevaluationisconductedtoassessthequalityofthetrained model.Modelassessmentshouldbecarriedoutbyusingsuitablebaseline dataandappropriatemetrics.Inthefifthstep,modeldeploymentisperformed.Itiscrucialtonotethatthedeploymentshouldperformwelloutside ofalabenvironment,anditshouldalsoworkwellunderdifferentsettings invariousthreatmodels.Lastly,amatureandrobustsecuritysolutionfor learning-basedIDSisreleased.
1.2KeyAreasandChallenges
Theresearchcommunitieshavebeenactivelyexploringboththeoffense anddefensesidesofdata-drivencybersecurity.Asmoreachievementsare accomplished,severalresearchchallengesthatemergerapidlyarepending tobesolved.Here,threeaspectsaredescribed.Theyareanomalydetection, trustworthyAI,andprivacypreservation.
1.2.1AnomalyDetection
Inthecontextofcybersecurity,anomaliesrefertothoseabnormalbehaviorsthatharmtheinformationsystems.Todefendagainstthem,anomaly
1CybersecurityintheEraofArtificialIntelligence
detectionfocusesonidentifyinganomalousbehaviorsduringaperiodof operations.Thiscanbeextendedtoafewusecasesinsecurity,suchasintrusiondetection,malwaredetection,phishingdetection,spamdetection,and defenseagainstzero-dayattack.
Thegoalofintrusiondetectionistoexaminetrafficdataandclassifynormalactivitiesandattackbehaviors(Xuetal.,2019).Moretopicsaboutcyber intrusionsandintrusiondetectionwillbecoveredindetailinChapters2,4, 5,and6.
Malwarehasbeenneartheforefrontofmoderncybersecurityissues (AhmedandXu,2022).Thedetectionandpreventionofmalwarehas becomeamajorchallenge.Inmanycases,antivirustoolssuchasWindows DefenderutilizeMLtoscanfilesanddetectmaliciouspatterns.With therecenttrendofransomwarecasesaroundtheworld,ithasbecome moreimportantthanevertohaveeffectiveanti-malwaretokeepusers andorganizationssafe.Modernmalwarecantakemanyforms.Itcan beembeddedindocumentmacros,runasshellcode,andmuchmore. Malwareisalsoversatileinthetaskingsitcancomplete.Itcanimplanta command-and-controlserver(C2)beacon,installakeylogger,orransoma computerbyencryptingallofthefiles.Inadditiontocompletingmalicious tasks,malwarehasasecondaryobjectiveofavoidingdetectionbydisguising itselfasavalidprocessonacomputerandobfuscatethedetector.
Phishingisatacticthatisusedbythreatactorstoachievetheirgoals,such asobtainingcredentialsofemployeesordeliveringmalware(Khonjietal., 2013).Withtheprevalenceofthesetypesofattacks,itisimportanttodetect andstoptheattacksatanypointintheirlifecycle.Beingabletodetectthat awebsiteislikelyaphishingsitecouldbeausefultoolinmitigatingthe successoftheattacks.
Inrecentyears,thepoisoningattackhasbecomeanewformofattack tocompromisenetworkingsystemsandthelearningmodelstheyintegrate. Datapoisoningattackistheintentionalactofpollutingdatathatthealgorithmsneedtotrain(Huangetal.,2021).Itcanimpactorganizationsaswell asindividualsinanegativemanner.Somereal-lifeexamplesofthistypeof attackincludeanattackerchangingwhatanemailspamfiltermightmark asspam.Thiswouldallowanattackertosendanykindofemailtheywant withoutbeingflagged.Similarly,therearefirewalltoolsthatuseMLtomonitornetworktrafficandlookformalwareenteringthenetwork.Anattacker coulduseasimilarmethodtoevadedetection.
1.2.2TrustworthyArtificialIntelligence
MostoftheAI/MLmodelsfacetheissueofbeingtrustworthybecause theyarevulnerabletovariouskindsofattacks(e.g.adversarialexamples)
(Lietal.,2021a,b).Thisisbecausetheyarenotyetexplainableowingtothe black-boxnatureofmanyAI/MLmodels,especiallyDLmodels(Zouetal., 2021),andtheiruncertaintyhasnotbeenquantified(Lietal.,2021c).This highlightstheimportanceofadditionalresearchactivitiesinthetrustworthinessofAI/MLmodels.Moreover,morestudiesareneededtosystematicallyunderstandthetrustworthinessofAI/MLmodels,aswellastoadvance thestate-of-the-arttrustworthiness,robustness,andinterpretability ofAI/ML.
Currently,researchchallengesoftrustworthyAIandadversarialML include,butnotlimitedto,thefollowingaspects:quantifyingtrustworthinessofAI/MLmethodsagainstsophisticatedattacks,suchasadversarial examples,poisoningattacks,orevasiveattacks;determiningtheconditions towhethertrustAI/MLmodelsornot;explainingandinterpretingrecommendationsmadebyAI/MLmodels;detectingandmitigatingadversarial examplesagainstAI/MLmodels;andenhancingtrustworthinessofAI/ML modelsbyincorporatingcountermeasures.TrustworthyAIandadversarial MLwillbecoveredindetailinChapter8.
1.2.3PrivacyPreservation
Theprotectionofsensitivedataiscritical.Inthefieldofhealthstudy,the dataprivacyproblemisgrowingbecauseofthechallengesindataprivacy regulations,privacyleakagebyattackers,andthepervasivedatamining operations.Inonestudy(Naetal.,2018),theauthorsdiscussedthatby utilizinglargenationalphysicalactivitydatasets,thechildrenandadults werereidentifiedbyMLwhen20minutedatawithseveralpiecesof demographicinformationwereused.Unfortunately,moreincidentsare reportedworldwideregardingprivacyleakage.Withtheenforcementof GeneralDataProtectionRegulation(GDPR)(VoigtandVondemBussche, 2017),companiesandorganizationswillneedtocomplywithspecificterms andconditionstoprotectthedataprivacyofEuropeanUnioncitizens.
Theincreasingattentiononsecurityandprivacyhasmotivatedthe rapiddesignandimplementationofmultipleprivacy-preservingmethods. Forinstance,federatedlearning(FL)wasdesignedtotrainMLmodels acrossmultipleendnodeswithoutsharingthelocaldatatoacentralized server.OnearticlesharedthatGooglehasimplementedamobileapplication thatoffersprivacy-preservingwordprediction-basedFL(Hardetal.,2018).
Thereareafewmodernapproachesforprivacypreservation,including anonymization,differentialprivacy(DP),homomorphicencryption(HE), andsecuremulti-partycomputation(SMPC).TheseapproacheswillbecoveredindetailinChapter7.