预训练模型供应链中工件与安全风险的实证研究

Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses Pub Date : 2022-11-11 DOI:10.1145/3560835.3564547

Wenxin Jiang, Nicholas Synovic, R. Sethi, Aryan Indarapu, Matt Hyatt, Taylor R. Schorlemmer, G. Thiruvathukal, James C. Davis

{"title":"预训练模型供应链中工件与安全风险的实证研究","authors":"Wenxin Jiang, Nicholas Synovic, R. Sethi, Aryan Indarapu, Matt Hyatt, Taylor R. Schorlemmer, G. Thiruvathukal, James C. Davis","doi":"10.1145/3560835.3564547","DOIUrl":null,"url":null,"abstract":"Deep neural networks achieve state-of-the-art performance on many tasks, but require increasingly complex architectures and costly training procedures. Engineers can reduce costs by reusing a pre-trained model (PTM) and fine-tuning it for their own tasks. To facilitate software reuse, engineers collaborate around model hubs, collections of PTMs and datasets organized by problem domain. Although model hubs are now comparable in popularity and size to other software ecosystems, the associated PTM supply chain has not yet been examined from a software engineering perspective. We present an empirical study of artifacts and security features in 8 model hubs. We indicate the potential threat models and show that the existing defenses are insufficient for ensuring the security of PTMs. We compare PTM and traditional supply chains, and propose directions for further measurements and tools to increase the reliability of the PTM supply chain.","PeriodicalId":208151,"journal":{"name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"An Empirical Study of Artifacts and Security Risks in the Pre-trained Model Supply Chain\",\"authors\":\"Wenxin Jiang, Nicholas Synovic, R. Sethi, Aryan Indarapu, Matt Hyatt, Taylor R. Schorlemmer, G. Thiruvathukal, James C. Davis\",\"doi\":\"10.1145/3560835.3564547\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Deep neural networks achieve state-of-the-art performance on many tasks, but require increasingly complex architectures and costly training procedures. Engineers can reduce costs by reusing a pre-trained model (PTM) and fine-tuning it for their own tasks. To facilitate software reuse, engineers collaborate around model hubs, collections of PTMs and datasets organized by problem domain. Although model hubs are now comparable in popularity and size to other software ecosystems, the associated PTM supply chain has not yet been examined from a software engineering perspective. We present an empirical study of artifacts and security features in 8 model hubs. We indicate the potential threat models and show that the existing defenses are insufficient for ensuring the security of PTMs. We compare PTM and traditional supply chains, and propose directions for further measurements and tools to increase the reliability of the PTM supply chain.\",\"PeriodicalId\":208151,\"journal\":{\"name\":\"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-11-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3560835.3564547\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3560835.3564547","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

深度神经网络在许多任务上实现了最先进的性能，但需要越来越复杂的架构和昂贵的训练过程。工程师可以通过重用预训练模型(PTM)并根据自己的任务对其进行微调来降低成本。为了促进软件重用，工程师围绕模型中心、ptm集合和按问题域组织的数据集进行协作。尽管模型中心现在在流行程度和规模上与其他软件生态系统相当，但相关的PTM供应链尚未从软件工程的角度进行检查。我们对8个模型中心的工件和安全特性进行了实证研究。我们指出了潜在的威胁模型，并表明现有的防御措施不足以确保ptm的安全性。我们比较了PTM和传统供应链，并提出了进一步测量和工具的方向，以提高PTM供应链的可靠性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Empirical Study of Artifacts and Security Risks in the Pre-trained Model Supply Chain

Deep neural networks achieve state-of-the-art performance on many tasks, but require increasingly complex architectures and costly training procedures. Engineers can reduce costs by reusing a pre-trained model (PTM) and fine-tuning it for their own tasks. To facilitate software reuse, engineers collaborate around model hubs, collections of PTMs and datasets organized by problem domain. Although model hubs are now comparable in popularity and size to other software ecosystems, the associated PTM supply chain has not yet been examined from a software engineering perspective. We present an empirical study of artifacts and security features in 8 model hubs. We indicate the potential threat models and show that the existing defenses are insufficient for ensuring the security of PTMs. We compare PTM and traditional supply chains, and propose directions for further measurements and tools to increase the reliability of the PTM supply chain.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses

自引率

0.00%

发文量