szha closed pull request #9756: Fix markdown link syntax error
URL: https://github.com/apache/incubator-mxnet/pull/9756
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/docs/faq/security.md b/docs/faq/security.md
index 09fa22b7e3..0615acda34 100644
--- a/docs/faq/security.md
+++ b/docs/faq/security.md
@@ -12,7 +12,7 @@ In particular the following threat-vectors exist when 
training using MXNet:
 It is highly recommended that the following best practices be followed when 
using MXNet:
 
 * Run MXNet with least privilege, i.e. not as root.
-* Run MXNet training jobs inside a secure and isolated environment. If you are 
using a cloud provider like Amazon AWS, running your training job inside a 
[private VPC] (https://aws.amazon.com/vpc/) is a good way to accomplish this. 
Additionally, configure your network security settings so as to only allow 
connections that the cluster nodes require.
+* Run MXNet training jobs inside a secure and isolated environment. If you are 
using a cloud provider like Amazon AWS, running your training job inside a 
[private VPC](https://aws.amazon.com/vpc/) is a good way to accomplish this. 
Additionally, configure your network security settings so as to only allow 
connections that the cluster nodes require.
 * Make sure no unauthorized actors have physical or remote access to the nodes 
participating in MXNet training.
 * During training, one can configure MXNet to periodically save model 
checkpoints. To protect these model checkpoints from unauthorized access, make 
sure the checkpoints are written out to an encrypted storage volume, and have a 
provision to delete checkpoints that are no longer needed.
 * When sharing trained models, or when receiving trained models from other 
parties, ensure that model artifacts are authenticated and integrity protected 
using cryptographic signatures, thus ensuring that the data received comes from 
trusted sources and has not been maliciously (or accidentally) modified in 
transit.
@@ -21,4 +21,4 @@ It is highly recommended that the following best practices be 
followed when usin
 # Deployment Considerations
 The following are not MXNet framework specific threats but are applicable to 
Machine Learning models in general.
 
-* When deploying high-value, proprietary models for inference, care should be 
taken to prevent an adversary from stealing the model. The research paper 
[Stealing Machine Learning Models via Prediction APIs] 
(https://arxiv.org/pdf/1609.02943.pdf) outlines experiments performed to show 
how an attacker can use a prediction API to leak the ML model or construct a 
nearly identical replica. A simple way to thwart such an attack is to not 
expose the prediction probabilities to a high degree of precision in the API 
response.
+* When deploying high-value, proprietary models for inference, care should be 
taken to prevent an adversary from stealing the model. The research paper 
[Stealing Machine Learning Models via Prediction 
APIs](https://arxiv.org/pdf/1609.02943.pdf) outlines experiments performed to 
show how an attacker can use a prediction API to leak the ML model or construct 
a nearly identical replica. A simple way to thwart such an attack is to not 
expose the prediction probabilities to a high degree of precision in the API 
response.


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to