1. Attack surface and vulnerabilities of the ML system
The following questionnaire is composed of 24 questions meant to estimate the attack surface of your machine-learning system. The questions are designed to identify potential vulnerabilities in the various assets that make up a typical machine-learning pipeline. They are organized into 4 categories corresponding to the stages in the lifecycle of a machine-learning system:
· Training data collection (8 questions)
· Design & Implementation (4 questions)
· Training process (5 questions)
· Deployment & Integration + Inference (7 questions)
If your organization runs several machine-learning systems, consider one of them when answering this questionnaire. Alternatively, complete one questionnaire per machine-learning system you would like to evaluate.
Target: Data Scientist (or Data Engineer)
Training data collection:
1. What data sources are used to build your training dataset? (Select all that apply)
2. Do you track the provenance of your training data (i.e., you authenticate your data sources and record which source provided which data)? (Select all that apply)
3. If you use data derived from, or supplied by, customers, how many customers contribute to build your training dataset?
4. How much data are in your training datasets?
5. How is your training data labelled? (Select all that apply)
6. Do processes exist by which external parties can modify labels in your training dataset (e.g., through customer feedback)?
7. Where is your training data stored? (Select all that apply)
8. Do you use external/public serialization libraries to transform and store your training data (e.g., Pickle, Numpy .npy, etc.)?
Design / Implementation:
9. What type of data is used as input to your ML model? (Select all that apply)
10. How is data represented when input to your ML model? (Select all that apply)
11. What type of learning task do you perform? (Select all that apply)
12. What type of machine learning model do you use? (Select all that apply)
Training process:
13. Do you use a pre-trained ML model as a basis to train your ML model (e.g., through fine-tuning or transfer learning)? (Select all that apply)
14. Do you use an external Machine Learning as a Service (MLaS) platform to train your ML model?
15. Do you use external/public machine learning and/or data pre-processing framework/libraries to prepare and/or train your ML model (e.g., scikit-learn, (Py)Torch, TensorFlow, Keras, etc.)?
16. Do you retrain your model, and if so, how often?
17. Do you package your trained model using external or public serialization libraries (e.g., pickle, hdf5, dill, ONNX, pmml, etc.)?
Deployment / Inference:
18. How is your trained model deployed?
19. Who or what produces inputs for the ML model during inference? (Select all that apply)
20. Are the authenticity, integrity and confidentiality of the inputs to your ML model protected? (Select all that apply)
21. Who or what is the end user/consumer of the ML model’s predictions/recommendations? (Select all that apply)
22. Are the authenticity, integrity and confidentiality of the ML model’s predictions protected? (Select all that apply)
23. Does your ML model return to the user any information apart from the predictions/recommendations specified as the model's purpose?
24. How would you characterize the granularity of the predictions/recommendations returned by your model to the users?