Merge pull request #104 from OWASP/92-refactor-rename-neural-net-reprogramming-to-model-poisoning

shsingh · web-flow · commit 439ede4801e6 · 2023-09-05T19:00:42.000+10:00
refactor: change neural net reprogramming to model poisoning
diff --git a/docs/ML10_2023-Model_Poisoning.md b/docs/ML10_2023-Model_Poisoning.md
@@ -7,7 +7,7 @@ auto-migrated: 0
 document: OWASP Machine Learning Security Top Ten 2023
 year: 2023
 order: 10
-title: ML10:2023 Neural Net Reprogramming
+title: ML10:2023 Model Poisoning
 lang: en
 tags:
   [
@@ -24,17 +24,17 @@ technical: 3
 
 ## Description
 
-Neural net reprogramming attacks occur when an attacker manipulates the model\'s
+Model poisoning attacks occur when an attacker manipulates the model\'s
 parameters to cause it to behave in an undesirable way.
 
 ## How to Prevent
 
 **Regularisation:** Adding regularisation techniques like L1 or L2
 regularization to the loss function helps to prevent overfitting and reduce the
-chance of neural net reprogramming attacks.
+chance of model poisoning attacks.
 
 **Robust Model Design:** Designing models with robust architectures and
-activation functions can help reduce the chances of successful reprogramming
+activation functions can help reduce the chances of successful model poisoning
 attacks.
 
 **Cryptographic Techniques:** Cryptographic techniques can be used to secure the
@@ -54,21 +54,20 @@ the specific circumstances of each machine learning system.
 
 ## Example Attack Scenarios
 
-### Scenario \#1: Financial gain through neural net reprogramming {#scenario1}
+### Scenario \#1: Financial gain through model poisoning {#scenario1}
 
 Consider a scenario where a bank is using a machine learning model to identify
 handwritten characters on cheques to automate their clearing process. The model
 has been trained on a large dataset of handwritten characters, and it has been
 designed to accurately identify the characters based on specific parameters such
 as size, shape, slant, and spacing.
 
-An attacker who wants to exploit the Neural Net Reprogramming attack may
-manipulate the parameters of the model by altering the images in the training
-dataset or directly modifying the parameters in the model. This can result in
-the model being reprogrammed to identify characters differently. For example,
-the attacker could change the parameters so that the model identifies the
-character "5" as the character "2", leading to incorrect amounts being
-processed.
+An attacker who wants to poison a machine learning model may manipulate the
+parameters of the model by altering the images in the training dataset or
+directly modifying the parameters in the model. This can result in the model
+being reprogrammed to identify characters differently. For example, the attacker
+could change the parameters so that the model identifies the character "5" as
+the character "2", leading to incorrect amounts being processed.
 
 The attacker can exploit this vulnerability by introducing forged cheques into
 the clearing process, which the model will process as valid due to the
diff --git a/index.md b/index.md
@@ -14,15 +14,17 @@ auto-migrated: 0
 ### 📌 _**Important Information**_
 
 _The current version of this work is in draft and is being modified frequently.
-Please refer to the [project wiki](https://github.com/OWASP/www-project-machine-learning-security-top-10/wiki) for information on how to contribute and project release timelines._
+Please refer to the
+[project wiki](https://github.com/OWASP/www-project-machine-learning-security-top-10/wiki)
+for information on how to contribute and project release timelines._
 
 ## Overview
 
 Welcome to the repository for the OWASP Machine Learning Security Top 10
-project!
-The primary aim of the OWASP Machine Learning Security Top 10 project is to
-deliver an overview of the top 10 security issues of machine learning systems.
-More information on the project scope and target audience is available in our
+project! The primary aim of the OWASP Machine Learning Security Top 10 project
+is to deliver an overview of the top 10 security issues of machine learning
+systems. More information on the project scope and target audience is available
+in our
 [project working group charter](https://owasp.org/www-project-machine-learning-security-top-10#div-charter)
 
 ## Top 10 Machine Learning Security Risks
@@ -36,7 +38,7 @@ More information on the project scope and target audience is available in our
 - [**ML07:2023 Transfer Learning Attack**](/docs/ML07_2023-Transfer_Learning_Attack.md)
 - [**ML08:2023 Model Skewing**](/docs/ML08_2023-Model_Skewing.md)
 - [**ML09:2023 Output Integrity Attack**](/docs/ML09_2023-Output_Integrity_Attack.md)
-- [**ML10:2023 Neural Net Reprogramming**](/docs/ML10_2023-Neural_Net_Reprogramming.md)
+- [**ML10:2023 Model Poisoning**](/docs/ML10_2023-Model_Poisoning.md)
 
 ## Communication
 
