ETSI GR SAI 005 provides a technical reference for securing AI systems by analyzing the machine learning lifecycle and categorizing mitigation strategies against training-phase attacks, such as poisoning, and inference-phase attacks, such as model stealing. The report details approaches including model enhancement and model-agnostic techniques, while noting that many existing solutions are academic in nature and may require adaptation for practical deployment. It emphasizes that as attack techniques evolve, current defenses may lose their effectiveness, and it highlights the need for future research in automatic verification, explainability, and novel security methods. The document aims to guide the planning, design, and maintenance of AI-based systems by addressing the specific vulnerabilities inherent in deep learning applications.
Keywords: deep learning, model poisoning, backdoor attacks, evasion attacks, AI security