
Suggestions for preventing vulnerability risks in open-source deep learning platforms for artificial intelligence.

Information security.

By Ron Burrows. Published 2 years ago. 5 min read.

At present, China, the United States, Europe and other countries and regions attach great importance to the development of artificial intelligence, are competing to build ecosystems around open-source deep learning platforms, and are vigorously promoting platform-based applications in intelligent manufacturing, intelligent energy, intelligent transportation and other areas.

At the same time, the security risks of artificial intelligence are gradually increasing, and security capability is playing a more and more prominent role in keeping the economy and society running smoothly.

As security flaws in an information system, vulnerabilities can allow the system to be accessed or damaged without authorization, and attackers exploit them deliberately. They have become a "killer's mace" in cyberspace warfare.

Since 2021, vulnerabilities in TensorFlow, Google's open-source platform for deep learning, have been disclosed frequently. The National Information Security Vulnerability Sharing Platform (CNVD) recorded 46 vulnerabilities on May 28th, 2021 alone. The existence and exploitation of vulnerabilities bring serious security risks to artificial intelligence applications and deserve close attention.

I. Open-source deep learning platforms in use in China and their security status.

Foreign platforms account for nearly 80% of China's market.

At present, the mainstream open-source deep learning platforms worldwide are mostly controlled by the United States, such as Google TensorFlow, Facebook Torch and PyTorch, Microsoft CNTK, Amazon MXNet, Caffe, DL4J and so on.

According to IDC's 2020 "Deep Learning Framework and Platform Market Share" report, the top three deep learning open-source platforms by market share in China come from Google, Baidu and Facebook.

Among them, foreign platforms hold a combined market share of close to 80%, a dominant position, while Baidu's Flying Propeller platform accounts for 20% of the market.

Users of major domestic industries are highly dependent on foreign platforms.

In China, leading technology companies such as NetEase, Sina, Xiaomi and Meituan, well-known universities such as Tsinghua University and Sun Yat-sen University, and companies in important industries such as China Mobile and Lenovo all use foreign platforms such as Google TensorFlow. They do so to take advantage of open-source components, improve development efficiency and make technical and academic exchange with other countries easier. These platforms are used in communications, the Internet, medicine, marine science and other fields.

Business types include communication network splicing, case labeling, sea surface temperature prediction, as well as images, natural language understanding, speech recognition and recommendation.

Security vulnerabilities are common in mainstream open source platforms.

At present, security vulnerabilities have been disclosed in TensorFlow, Caffe, Torch and other foreign platforms.

According to data from the open-source software community GitHub, more than 100 security vulnerabilities have been disclosed in TensorFlow since 2020.

Among them, Baidu's security team found 75 security vulnerabilities that could lead to system instability, data leakage, memory corruption and other problems, while 360 found 49.

Recently, more than 150 vulnerabilities have been found in 7 machine learning frameworks (such as TensorFlow, PyTorch, etc.) and more than 200 vulnerabilities in the framework supply chain.

In fact, as early as 2017, universities such as the University of Georgia and the University of Virginia found 15 vulnerabilities on the three platforms of TensorFlow, Caffe and Torch, enabling denial-of-service (DoS) attacks, evasion attacks, system damage attacks, and so on. Tencent's security team found major vulnerabilities in a TensorFlow component; if developers use this component when writing robot programs, those programs can easily be controlled by hackers.

II. Potential security risks.

Vulnerabilities can easily be implanted into artificial intelligence systems through open source platforms.

According to the Gartner survey, 99% of organizations use open source software in their information systems.

Open-source code and software form the foundation of deep learning open-source platforms. That code and software contain security vulnerabilities of their own, and many open-source platforms have no response mechanism for repairing them.

According to survey results from the National Computer Network Emergency Technology Processing Coordination Center, the number of vulnerabilities in the open-source component ecosystem has increased year by year over the past six years, with 3426 new vulnerabilities in 2020, an increase of 40% over the same period of the previous year.

In 2020, the National Information Security Vulnerability Sharing Platform found vulnerabilities in the open-source software Apache Tomcat that may leak sensitive data such as important configuration files or source code. Under certain conditions they allow remote code execution, which puts the user's server directly under an attacker's control.

The internal connections of an artificial intelligence system are close and complex, and its algorithms have inherent characteristics such as learning statistically and relying entirely on data. Many key applications depend on a back-end artificial intelligence system, and that system depends on the training models provided by the open-source platform. Hackers can easily insert vulnerabilities into artificial intelligence applications through open-source platforms, or exploit vulnerabilities to develop malicious models, and so control and tamper with those applications.

Once an open-source platform is compromised, it will lead to a chain of failures, which is more serious than a traditional hacker attack in the Internet era.

Such vulnerabilities are buried at the bottom of the platform and are hard to recognize. In the absence of security testing and certification of the open-source platform, it is difficult for most researchers and applications that use open-source platforms to identify the platform's security risks.

In addition, applications based on deep learning open-source platforms usually require a complex data training process, which makes malicious model attacks difficult to detect in a short time.

At present, foreign open-source platforms firmly control the core resources and the rules of the game. Once open-source code with vulnerabilities is deliberately implanted and maliciously exploited, the security and reliability of artificial intelligence applications will be greatly reduced, resulting in significant property losses and adverse social impact.

Vulnerabilities in open-source platforms will challenge the economic operation of our country.

According to the New Generation Artificial Intelligence Development Plan issued by the State Council in 2017, the scale of China's artificial intelligence-related industries will exceed 5 trillion yuan by 2025, becoming the main driving force for China's industrial upgrading and economic transformation.

At present, the adoption of artificial intelligence is accelerating in important industries and fields of the national economy, such as manufacturing, transportation, finance, energy, public services and so on. Deep learning open source platform as the underlying base of artificial intelligence software development, the loopholes in its components can be used by using
