
Shachar Menashe - From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms.pdf

Uploaded by: 张** ID: 175570 2024-09-13 49 pages 4.37MB

#BHUSA @BlackHatEvents

From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms
Speaker: Shachar Menashe

whoami
- Shachar Menashe
- Classically - Binary reverse engineer
- In practice - Full-time CVSS assigner :)
- Leading JFrog's security research teams (0-day, CVE, malware research)
- Presenting recent research from our 0-day team: Ori Hollander, Natan Nehorai, Uriya Yavnieli

Org High Value Targets

This talk
- Breaking down MLOps platforms to distinct features
- How can each feature be attacked?
- Chaining MLOps attacks for total domination
- l33t "ML Worm" demo
- How to avoid these attacks

What can MLOps do for YOU: The ML software supply chain
Pretrained Model -> ML Pipeline -> Model Registry -> Model Serving

What can MLOps do for YOU: ML Pipeline
Data Input -> Data Cleaning -> Pre-processing -> Model Training -> Deployment

What can MLOps do for YOU: pipeline definition shown on the slide (the slide's own elisions are kept as "...")
    @dsl.pipeline(name='XGBoost Trainer', ...)
    def xgb_train_pipeline(
        output='gs://your-gcs-bucket',
        project='your-gcp-project',
        train_data='gs://ml-pipeline-playground/sfpd/train.csv',
        eval_data='gs://ml-pipeline-playground/sfpd/eval.csv',
        ...
    ):
        ...
        _analyze_op = dataproc_analyze_op(...).after(_create_cluster_op).set_display_name('Analyzer')
        _transform_op = dataproc_transform_op(...).after(_analyze_op).set_display_name('Transformer')
        _train_op = dataproc_train_op(...).after(_transform_op).set_display_name('Trainer')
        ...

What can MLOps do for YOU: Model Registry
- CV_model 1.2
- My_dev_model 0.1
- ChatGPT 4.5

What can MLOps do for YOU: Embedding / Serving
    $ kubectl apply -f - <<END
    apiVersion: machinelearning.seldon.io/

This document examines the security of machine learning platforms (MLOps). The author, Shachar Menashe, presents his team's research findings and lays out the attack surface of MLOps platforms. It first introduces the six core features of MLOps: the software supply chain, pretrained models, model pipelines, model registries, model serving, dataset registries and experiment tracking. It then identifies the main security threats MLOps platforms face, including malicious models, malicious datasets and Jupyter sandbox escapes, and also covers implementation vulnerabilities such as missing authentication and container escapes. Finally, the author proposes countermeasures: using safe model formats, enabling authentication, and scanning models before use. In short, the document exposes the security challenges MLOps platforms face and proposes corresponding mitigations.
"Exploring security vulnerabilities in MLOps platforms" "How to guard against security risks in machine learning platforms?" "Code execution and access control challenges"