This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Top 5 Machine Learning Risks"

From OWASP
Jump to: navigation, search
(Classifications)
(seba added as co-leader)
 
(10 intermediate revisions by the same user not shown)
Line 22: Line 22:
 
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
 
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
 
| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |
 
| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |
.
 
  
== Presentation ==
+
== Project News ==
 +
June 2018: <br />
 +
* Project was discussed in Open Security Summit 2018 with wider team. https://open-security-summit.org/tracks/owasp-projects/working-sessions/owasp-top-5-machine-learning-risks/. stay tuned for outcomes.
 +
* The first draft document is now available on Github https://github.com/OWASP/Top-5-Machine-Learning-Risks/
 +
* Please raise issues in github for any comments or suggestions
  
TBD
 
 
 
== Related Projects ==
 
  
*  
+
March 2018: <br />
 +
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
 +
* Second meeting held (Talal, Prabhant and Sethy)
  
== Openhub ==
+
February 2018: <br />
 +
* First meeting held (Talal, Jean- Noël and Prabhant)
 +
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.
  
* [https://www.openhub.net/orgs/OWASP OWASP Project Openhub]
+
January 2018:<br />
 +
2 members joined the team:
 +
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
 +
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.  
  
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
+
September 2017:<br />
| style="padding-left:25px;width:200px;" valign="top" |
+
* Project introduction in webinar (attached)
 +
[[File:https://www.owasp.org/images/c/cc/Machine_Learning_for_Application_Security_Professionals.pdf|thumb]]
  
 
== Quick Download ==
 
== Quick Download ==
TBD
 
 
== News and Events ==
 
 
*
 
 
== In Print ==
 
 
 
TBD
 
TBD
  
Line 79: Line 78:
  
 
* Project Leader: [[User:Talal Albacha|Talal Albacha]]
 
* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* [[Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]]
+
* Project Co-leader : [[User: Sdeleersnyder|Sebastien Deleersnyder]]
 +
* [Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]
 
* [Https://twitter.com/prabhantsingh Prabhant Singh]   
 
* [Https://twitter.com/prabhantsingh Prabhant Singh]   
 +
* Sereysethy Touch 
 
* ..[your name]..   
 
* ..[your name]..   
  
Line 86: Line 87:
  
 
We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
 
We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version
+
* Draft version (https://github.com/OWASP/Top-5-Machine-Learning-Risks/)
 
* Community responses
 
* Community responses
 
* Validate in AppSec conference
 
* Validate in AppSec conference
 
* Release final list for the year.
 
* Release final list for the year.
  
As of September 2017, the topics priorities are:
 
** Machine Learning Introduction
 
*** What are the available machine learning platforms?
 
*** Are there any security vulnerabilities associated with these platforms?
 
** Usage of Machine Learning in Security
 
*** Can AI be used to reduce false positive findings in security scanners?
 
*** Fraud Detection...
 
** Security  of Machine learning
 
*** ML Learning phase
 
*** How to securely feed data to ML and AI tools
 
*** How to make learning algorithms aware of malicious data?
 
** Top 5 risks
 
** Defending techniques
 
** References and Additional Resources
 
 
__NOTOC__ <headertabs></headertabs>  
 
__NOTOC__ <headertabs></headertabs>  
  

Latest revision as of 19:50, 28 August 2018

OWASP Project Header.jpg

The OWASP Top 5 Machine Learning Risks

The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

Description

Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

Licensing

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Project News

June 2018:


March 2018:

  • New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
  • Second meeting held (Talal, Prabhant and Sethy)

February 2018:

  • First meeting held (Talal, Jean- Noël and Prabhant)
  • Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

January 2018:
2 members joined the team:

  • Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
  • Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

September 2017:

  • Project introduction in webinar (attached)
File:Https://www.owasp.org/images/c/cc/Machine Learning for Application Security Professionals.pdf

Quick Download

TBD

Classifications

New projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg

How can I participate in your project?

This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

Contributors

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Top_5_Machine_Learning_Risks&oldid=242897"