Commit
APAC\APM4KOR committed Nov 25, 2024
1 parent 5761273
commit a69c547
Showing 1 changed file with 39 additions and 21 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,8 @@ | ||
![Project Banner or Logo](./img/WatchtowerGithubImage.jpg) | ||
|
||
![Static Badge](https://img.shields.io/badge/Build-Passing-green) ![Static Badge](https://img.shields.io/badge/Docker-Available-green) ![GitHub Release](https://img.shields.io/github/v/release/bosch-aisecurity-aishield/watchtower) | ||
![Static Badge](https://img.shields.io/badge/python-3.10%7C3.11%7C3.12%7C3.13-blue) ![GitHub License](https://img.shields.io/github/license/bosch-aisecurity-aishield/watchtower) | ||
|
||
# AIShield.Watchtower 🔍: Fortifying AI/ML Model and Notebook Security | ||
|
||
In today's rapidly advancing landscape of machine learning and artificial intelligence (AI), ensuring the security of AI | ||
|
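Review bot: the two new `Build-Passing` and `Docker-Available` badges are static shields.io badges, so they will read "Passing" and "Available" forever regardless of the actual CI or image state; either wire them to a real workflow/status badge (the `github/v/release` and `github/license` badges in the same hunk already do this) or drop them, since a hard-coded green build badge can mislead users evaluating whether to trust the scanner.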
@@ -48,14 +51,12 @@ AIShield Watchtower can be used to inspect vulnerabilities in Jupyter notebooks, | |
|
||
For using AIShield Watchtower, clone Watchtower repo. Install prerequisites and scan your notebooks and AI/ML models. Some starting sample test files are available within the Watchtower repo. | ||
|
||
--- | ||
|
||
### Prerequisites | ||
|
||
- For running Watchtower in CLI or UI version, python3 and pip should be installed in the host system. | ||
- For running UI-Docker version, docker and docker-compose should be installed in the host system. | ||
> ⚠️ **Warning:** | ||
> As a security precaution when using the webapp or the Docker version, it is recommended to scan unknown/untrusted artifacts in a an isolated network / isoldated Docker container. | ||
> As a security precaution when using the webapp or the Docker version, it is recommended to scan unknown/untrusted artifacts in a an isolated sandbox environment (network/docker/compute etc). | ||
Cloning Watchtower repo | ||
|
||
|
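Review bot: the reworded warning still carries the duplicated article from the old line, "in a an isolated sandbox environment"; suggest "As a security precaution when using the web app or the Docker version, scan unknown or untrusted artifacts in an isolated sandbox environment (network, Docker, compute, etc.)." Since this warning is the one place the README tells users to contain potentially malicious model files, it is worth getting the wording clean.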
@@ -74,9 +75,6 @@ cd watchtower | |
```powershell | ||
./install.bat | ||
``` | ||
|
||
--- | ||
|
||
### Inspect Jupyter Notebooks and ML/DL Models | ||
|
||
Change directory to src. | ||
|
@@ -134,13 +132,13 @@ python watchtower.py --repo_type=folder --path=<Enter path of Folder> | |
|
||
![Watchtower CLI](./img/AIShield_watchtower_git_cli.gif) | ||
|
||
--- | ||
|
||
## UI | ||
For using Watchtower UI, execute the following command: | ||
```python | ||
python watchtower_webapp.py | ||
``` | ||
--- | ||
|
||
![Watchtower UI](./img/AIShield_watchtower_ui.png) | ||
|
||
## UI-Docker | ||
|
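Review bot: the fenced block around `python watchtower_webapp.py` is tagged `python`, but the content is a shell command, not Python source; tag it `bash` (or `shell`) so it is highlighted correctly and is not mistaken for something to paste into an interpreter. The same applies to the other command blocks in this file.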
@@ -161,8 +159,6 @@ For stopping and removing Watchtower image execute following | |
```python | ||
docker-compose down | ||
``` | ||
--- | ||
|
||
## Reports | ||
|
||
On successful completion of the Watchtower scan, three reports will be generated in the following path : | ||
|
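Review bot: `docker-compose down` is fenced as ```python but is a shell command; change the fence to ```bash. Minor: the context line "generated in the following path :" has a stray space before the colon.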
@@ -225,10 +221,12 @@ On successful completion of the Watchtower scan, three reports will be generated | |
|
||
- **Model and Notebook Detection**: Automatically recognizes AI/ML models and Notebooks within a provided repository. | ||
- **Scanning**:Executes thorough scans of the models and notebooks to detect potential safety and security concerns. | ||
- **Report Generation**: Produces comprehensive reports that classify the scanned files containing "low," "medium,", "high" and "critical" risk. | ||
- **Supported Repositories** : AIShield Watchtower supports integration with GitHub, Huggingface and AWS S3 buckets, allowing for automated scanning of repositories and AWS S3 buckets to identify potential risks. | ||
|
||
Supported Model Formats: | ||
### Supported Model Formats | ||
|
||
| Framework | File Format | Deserialization | Backdoor Attacks | Runtime Threats | | ||
| Framework | File Format | Deserialization Risks | Backdoor Risks | Runtime Risks | | ||
|-------------------|------------------|------------------------|-------------------------|------------------------| | ||
| [Tensorflow](https://www.tensorflow.org/tutorials/keras/save_and_load#save_the_entire_model) | .pb | ✅ | ✅ | | | ||
| [Tensorflow](https://www.tensorflow.org/tutorials/keras/save_and_load#save_the_entire_model) | .h5 | ✅ | ✅ | | | ||
|
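Review bot: the "Report Generation" bullet added to the feature list has a stray comma outside the quotes, `"low," "medium,", "high"`; suggest `"low", "medium", "high" and "critical"`. While touching this list, `**Scanning**:Executes` is missing the space after the colon. Renaming the table columns to "Deserialization Risks", "Backdoor Risks" and "Runtime Risks" is a good change because those names now match the headings in the new Risk Analysis section.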
@@ -244,11 +242,36 @@ Supported Model Formats: | |
| Misc | .zip | ✅ | | | | ||
*For more details on these file formats, please write to [[email protected]](mailto:[email protected]). | ||
|
||
- **Report Generation**: Produces comprehensive reports that classify the scanned files containing "low," "medium,", "high" and "critical" risk. | ||
- **Supported Repositories** : AIShield Watchtower supports integration with GitHub, Huggingface and AWS S3 buckets, allowing for automated scanning of repositories and AWS S3 buckets to identify potential risks. | ||
### Additional File Formats | ||
|
||
| Framework | File Format | Detections | | ||
| :--------------- | :---------- | :------------------------------------------------------- | | ||
| Jupyter Notebook | .ipynb | Hardcoded secrets,Passwords PII, Tokens(API, Web, other) | | ||
| Python | .py | Hardcoded secrets,Passwords PII, Tokens(API, Web, other) | | ||
|
||
### AI Software Bill of Materials (SBOM) | ||
|
||
| File Format | Detections | | ||
| :--------------------------------- | :------------------------------ | | ||
| Requirements File (Autodiscovered) | Libraries, Unsafe Library Flags | | ||
| Jupyter Notebook (Autodiscovered) | Libraries, Unsafe Library Flags | | ||
|
||
*** | ||
|
||
## Risk Analysis | ||
|
||
### 1. Deserialization Risks | ||
|
||
Occurs when unverified data is used to rebuild objects. Attackers may exploit these to introduce malicious code, compromising system integrity. | ||
|
||
### 2. Backdoor Risks | ||
|
||
Hidden pathways allow attackers to manipulate model behavior through specific triggers. These covert exploits remain undetected during normal operations. | ||
|
||
### 3. Runtime Risks | ||
|
||
Activated during model inference or task execution, runtime risks involve malicious code execution, leading to unauthorized access or manipulation. | ||
|
||
--- | ||
|
||
## Benefits | ||
|
||
|
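Review bot: in both rows of the new "Additional File Formats" table the Detections cell reads `Hardcoded secrets,Passwords PII, Tokens(API, Web, other)`, which is missing the separator between "Passwords" and "PII" and the spaces after the commas; suggest `Hardcoded secrets, Passwords, PII, Tokens (API, Web, other)`. Two smaller points in the same hunk: the `***` separator before "## Risk Analysis" is inconsistent with the `---` rule used everywhere else in this README (and this very commit removes several of those), and the SBOM table lists "Unsafe Library Flags" without the README saying anywhere what a flag is, so a one-line definition or a link to the report section would help readers interpret that column.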
@@ -282,8 +305,6 @@ Supported Model Formats: | |
wide range of risks, from model tampering to unauthorized data access. This comprehensive assessment ensures a | ||
thorough examination of all possible vulnerabilities, leaving no stone unturned in safeguarding AI/ML assets. | ||
|
||
--- | ||
|
||
## Limitation | ||
|
||
1. Limited support for scanning of .pb file from s3 buckets. | ||
|
@@ -303,8 +324,6 @@ Supported Model Formats: | |
1. Repositories cloned from GitHub and Hugging Face during watchtower analysis are not automatically removed | ||
post-analysis. It is advisable to manually delete these folders found within the 'src' directory. | ||
|
||
--- | ||
|
||
## Contribution | ||
|
||
Contributions are always welcome! See the [Contribution Guidelines](CONTRIBUTE.md) for more details. | ||
|
@@ -322,8 +341,6 @@ Contributions are always welcome! See the [Contribution Guidelines](CONTRIBUTE.m | |
11. [Shankar Ajmeera](https://www.linkedin.com/in/shankar-ajmeera-00b22522a/) | ||
12. [Aravindh J](https://www.linkedin.com/in/aravindhj6/) | ||
|
||
--- | ||
|
||
## License | ||
|
||
This project is licensed under the Apache License. See [LICENSE](LICENSE.md) for details. | ||
|
@@ -362,3 +379,4 @@ First and foremost, we want to extend our deepest gratitude to the vibrant open- | |
|
||
In creating AI Watchtower, it's our humble attempt to give back to this incredible community. We're inspired by the spirit of collaboration and are thrilled to contribute our grain of sand to the vast desert of open-source knowledge. Together, let's continue to make the AI landscape safer and more robust for all! | ||
|
||
|