feat(docs): add cheatsheet for ML07 #207
base: master
Conversation
Thanks for the PR! I think overall this should come from the lens of transfer learning attack mitigations and not necessarily what transfer learning is.
@@ -0,0 +1,72 @@ | |||
### Transfer Learning in Machine Learning Cheat Sheet | |||
|
|||
#### Introduction |
This is really an overview of transfer learning. I would lift the language from the transfer learning attack doc: https://github.com/OWASP/www-project-machine-learning-security-top-10/blob/master/docs/ML07_2023-Transfer_Learning_Attack.md
Keep a bit of the overview since this is a complex space and it helps the reader better understand. I think also adding additional language around how fine-tuning is a transfer learning technique. I would argue fine-tuning is probably the more commonly used term.
Under the lens of LLMs (I know that's not our Top 10), this is becoming one of the more commonly used techniques.
Alright, got it!
- Improve performance on new tasks using knowledge from related tasks. | ||
- Enable effective learning with limited labeled data by transferring knowledge from large datasets. | ||
|
||
#### Strategies |
Remove this section and then put a section called "risks of transfer learning". Think risks around Data Leakage and Poisoning with the model. Also talk about
Keep in mind, since I mentioned fine tuning above, that I see 2 categories of attack. I'm going to add a few more scenarios in the ML07 doc:
- Targeting the owner of the model. I.e. the adversary targets a model the owner built.
- Targeting the fine tunings. I.e. the adversary targets existing fine tunings.
I'll research and add around 4-5 risks associated with transfer learning attack.
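An added example of the kind of mitigation the review above asks the cheat sheet to cover (this is my illustration, not code from this PR or from the OWASP ML Security Top 10 project): before any weights are deserialised, both the base model and the fine-tune checkpoint are checked against pinned SHA-256 digests, so a tampered base model (the "targeting the owner of the model" case) and a tampered fine-tuning (the "targeting the fine tunings" case) are both refused. The file names `base.bin` and `finetune.bin`, the manifest and the byte strings are constructed for the demo; in practice the pinned digests would come from the publisher's signed release and be committed next to the training code.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # stream large weight files instead of reading them whole


def sha256_of_file(path):
    """Streaming SHA-256 of a file on disk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_artifact(path, manifest):
    """True only if the artifact is listed in the pinned manifest and its
    digest matches. Artifacts that are not in the manifest are rejected,
    so an attacker cannot slip in an extra checkpoint by name alone."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_of_file(path), expected)


def load_for_fine_tuning(base_weights, finetune_ckpt, manifest):
    """Gate both artifact classes (base model and fine-tune checkpoint)
    before anything is loaded. Raises instead of silently continuing."""
    for p in (base_weights, finetune_ckpt):
        if not verify_artifact(p, manifest):
            raise ValueError(f"integrity check failed for {p}; refusing to load")
    # The real code would deserialise the weights here and freeze the base
    # layers; this demo only reports that the gate was passed.
    return True


def demo():
    # Constructed stand-ins for the two artifacts (hypothetical names).
    base = b"constructed-base-model-weights"
    ckpt = b"constructed-fine-tune-checkpoint"
    manifest = {
        "base.bin": hashlib.sha256(base).hexdigest(),
        "finetune.bin": hashlib.sha256(ckpt).hexdigest(),
    }
    with tempfile.TemporaryDirectory() as d:
        base_p = os.path.join(d, "base.bin")
        ckpt_p = os.path.join(d, "finetune.bin")
        other_p = os.path.join(d, "other.bin")
        for p, data in ((base_p, base), (ckpt_p, ckpt), (other_p, b"unlisted")):
            with open(p, "wb") as f:
                f.write(data)

        clean_ok = load_for_fine_tuning(base_p, ckpt_p, manifest)
        unknown_rejected = not verify_artifact(other_p, manifest)

        # Tamper one byte of the fine-tune checkpoint and try again.
        with open(ckpt_p, "wb") as f:
            f.write(ckpt[:-1] + b"X")
        try:
            load_for_fine_tuning(base_p, ckpt_p, manifest)
            tampered_rejected = False
        except ValueError:
            tampered_rejected = True

    return {
        "clean_ok": clean_ok,
        "unknown_rejected": unknown_rejected,
        "tampered_rejected": tampered_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The digest comparison uses `hmac.compare_digest` so the check does not leak how many leading hex characters matched; the manifest lookup by basename keeps the policy explicit about exactly which artifacts a training job may consume.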
3. **Domain Adaptation**: Adjust pre-trained models to new domains by transferring knowledge while minimizing domain shift. | ||
4. **Multi-task Learning**: Train models to perform multiple tasks simultaneously, leveraging shared representations for improved performance. | ||
|
||
#### Implementation |
I would put another section above implementation that breaks down each mitigation in the ML07_2023-Transfer_Learning_Attack.md doc. So if you look at the Input Validation Cheat Sheet it starts with Introduction, Goals, and then breaks down the mitigations.
Thanks for the review @techiemac. What mitigations should I consider here for the transfer learning attack? And how much content should there be?
And do I enhance the Strategies part or completely replace it with the mitigations?
4. **Multi-task Learning**: Train models to perform multiple tasks simultaneously, leveraging shared representations for improved performance. | ||
|
||
#### Implementation | ||
```python |
Appreciate the code example! I'll defer to @shsingh but I think we should include an example of each attack in the cheat sheet. The developer in me really likes that approach and it makes this more accessible.
This is a bit dated, but Bolun Wang put an example from his 2018 Transfer Learning Attack paper in a GitHub repo. Maybe trim some of that down to demonstrate a rudimentary attack.
Okay, I will have to go through the repo once and check what's the content in there :)
# Train model on new data | ||
model.fit(train_data, train_labels, epochs=10, batch_size=32, validation_data=(val_data, val_labels)) | ||
``` | ||
### Best Practices |
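Review bot: the `# Train model on new data` / `model.fit(...)` lines show the fine-tuning step but nothing about where `model` and its pre-trained weights came from, which is exactly the step a transfer learning attack targets; for a mitigation cheat sheet the example should show the base model being loaded from a pinned, integrity-checked source and state which layers are frozen before `model.fit` runs. Separately, `### Best Practices` is at the same heading level as the sheet's title `### Transfer Learning in Machine Learning Cheat Sheet`, while `#### Implementation` sits one level below it; the section headings should all be one level under the title.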
Remove this section since it talks about transfer learning and not attack mitigations.
Thanks, got it!
|
||
**Experiment with Architectures**: Explore different architectures and pre-trained models for best performance. | ||
|
||
### Conclusion |
This is not really needed for a cheatsheet. The persona of the cheatsheet is going to download it and then reference relevant sections. It's not really going to be treated as a doc.
Okay, I'll make the changes.
@@ -0,0 +1,47 @@ | |||
## ML01:2023 Input Manipulation Attack |
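Review bot: the title here is `## ML01:2023 Input Manipulation Attack` while the transfer learning sheet added in this same PR titles itself `### Transfer Learning in Machine Learning Cheat Sheet`; pick one heading level for cheat sheet titles so the two files render consistently in the docs tree.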
For now, let's hold off on the summaries. I appreciate the ownership but work still needs to be done on the core docs. I think once that is complete, we will just lift the Description of each one into the respective summaries.
This PR adds cheatsheet for transfer learning attack.
Ref: #155
CC: @shsingh @techiemac