CY, CR, LG, ML | Feb 4, 2020

Adversarial Machine Learning -- Industry Perspectives

arXiv:2002.05646v3 | 274 citations
AI Analysis

This paper addresses the problem of securing ML systems from the standpoint of developers and security responders in industry. Its contribution is incremental in the sense that it builds on existing security frameworks (notably the Security Development Lifecycle) rather than proposing a new one.

Based on interviews with 28 organizations, the study found that industry practitioners lack tools to protect, detect, and respond to attacks on machine learning systems. Its stated aim is to engage researchers in revising the Security Development Lifecycle for industrial software in the adversarial ML era.

Based on interviews with 28 organizations, we found that industry practitioners are not equipped with tactical and strategic tools to protect, detect and respond to attacks on their Machine Learning (ML) systems. We leverage the insights from the interviews and enumerate the gaps in perspective in securing machine learning systems when viewed in the context of traditional software security development. We write this paper from the perspective of two personas: developers/ML engineers and security incident responders who are tasked with securing ML systems as those systems are designed, developed and deployed. The goal of this paper is to engage researchers to revise and amend the Security Development Lifecycle for industrial-grade software in the adversarial ML era.
