Discussion Paper Series 2021-E-3

Security Risks of Machine Learning Systems and Taxonomy Based on the Failure Mode Approach

Kazutoshi Kan

This paper clarifies the source of difficulties in machine learning security and determines the usefulness of the failure mode approach for capturing security risks of machine learning systems comprehensively. Machine learning is an inductive methodology that automatically extracts relationships among data from a huge number of input-output samples. Recently, machine learning systems have been implemented deeply in various IT systems and their social impact has been increasing. However, machine learning models have specific vulnerabilities and relevant security risks that conventional IT systems do not have. An overall picture regarding these vulnerabilities and risks has not been clarified sufficiently, and there has been no consensus about their taxonomy. Thus, this paper reveals the specificity of the security risks and describes their failure modes hierarchically by classifying them on three axes, i.e., (1) presence or absence of attacker's intention, (2) location of the vulnerabilities, and (3) functional characteristics to be lost. This paper also considers points for future utilization of machine learning in society.

Keywords: Machine learning; Failure mode; Security risk; Vulnerability

Views expressed in the paper are those of the authors and do not necessarily reflect those of the Bank of Japan or Institute for Monetary and Economic Studies.

Copyright © 2021 Bank of Japan All Rights Reserved.
