Day 2: Types of ML
Types of Machine Learning and Their Security Implications

Today, I explored the three main types of Machine Learning:
🔹 Supervised Learning
The model learns from labelled data (e.g., spam vs. not spam). Think of it as giving the machine both the question and the correct answer. The model learns the pattern and applies it to new, unseen data. Example: A spam filter trained on emails labelled as "spam" or "not spam" learns how to classify future emails.
🔹 Unsupervised Learning
Finds hidden patterns in unlabeled data (e.g., customer segmentation). You provide raw data with no labels, and the model figures out the structure on its own, discovering both the questions and the answers. Example: A company uploads thousands of customer profiles. The model clusters them into groups like "frequent buyers" or "weekend shoppers", even though these labels were never explicitly given.
🔹 Reinforcement Learning
Agents learn through trial and error in an environment (e.g., self-driving cars, game AIs). Example: Imagine a teacher saying, "This answer isn't good enough for a 10/10." You revise, submit again, and repeat until the teacher says, "Perfect!" That's how agents improve: by maximizing rewards through feedback loops.
Security Lens
Each learning type introduces unique attack surfaces and risks:
⚠️ Supervised Learning
Risk: Data poisoning, where attackers manipulate training data or flip labels to mislead the model.
Example: Injecting malicious transactions labelled as "safe" into a fraud detection system to teach it that fraud is normal.
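One defensive check for the label-flipping attack described above, as an added example that is not part of the original post: the transaction records and the injected "safe" labels are constructed, and the check is a k-nearest-neighbour label-agreement test that flags training records whose label disagrees with most of their closest neighbours, so they can be reviewed before the model is trained.

```python
"""Spot label-flipping poisoning in a supervised training set.

Added example, not code from the original post. The transactions and the
poisoned labels below are constructed. The check is a k-nearest-neighbour
label-agreement test: a training record whose label disagrees with the
majority of its nearest neighbours is flagged for human review before the
fraud model is (re)trained on the data.
"""
from collections import Counter
import math

# Constructed training set: (amount, transactions_last_hour) -> label.
# Small, slow-paced transactions are "safe"; large, rapid bursts are "fraud".
TRAIN = [
    ((12.0, 1), "safe"), ((25.0, 1), "safe"), ((40.0, 2), "safe"),
    ((18.0, 1), "safe"), ((33.0, 2), "safe"), ((9.0, 1), "safe"),
    ((950.0, 14), "fraud"), ((1200.0, 18), "fraud"), ((880.0, 12), "fraud"),
    ((1500.0, 22), "fraud"), ((990.0, 16), "fraud"), ((1100.0, 15), "fraud"),
]

# Constructed poisoning: three fraud-like records injected with the label
# "safe", the attack the post describes against a fraud-detection model.
POISONED = TRAIN + [
    ((1050.0, 17), "safe"), ((1300.0, 20), "safe"), ((920.0, 13), "safe"),
]


def _scaled(points):
    """Min-max scale each feature so the amount does not dominate distance."""
    dims = list(zip(*points))
    lo, hi = [min(d) for d in dims], [max(d) for d in dims]
    return [tuple((v - mn) / (mx - mn) if mx > mn else 0.0
                  for v, mn, mx in zip(p, lo, hi)) for p in points]


def flag_label_outliers(dataset, k=5):
    """Return indices of records whose label disagrees with the k-NN majority."""
    xs = _scaled([x for x, _ in dataset])
    labels = [y for _, y in dataset]
    flagged = []
    for i, xi in enumerate(xs):
        dist = sorted((math.dist(xi, xj), j) for j, xj in enumerate(xs) if j != i)
        majority = Counter(labels[j] for _, j in dist[:k]).most_common(1)[0][0]
        if majority != labels[i]:
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    print("clean set flags:", flag_label_outliers(TRAIN))        # []
    print("poisoned set flags:", flag_label_outliers(POISONED))  # [12, 13, 14]
```

Flagged records are candidates for review, not proof of poisoning: a genuinely unusual but correctly labelled transaction will trigger the same check, so the review step matters.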
⚠️ Unsupervised Learning
Risk: Cluster poisoning, where attackers insert noisy or misleading data to corrupt clusters.
Example: In a system clustering user behaviour to detect anomalies (e.g., insider threats), an attacker floods it with fake patterns. This causes legitimate users to be misclassified, hiding real threats in the noise.
⚠️ Reinforcement Learning
Risk: Reward hacking, where agents find unintended shortcuts that game the system.
Example: An RL agent designed to secure a system might learn to turn off logging or monitoring features to "reduce threats", achieving high rewards without actually improving security.
Note: Different attack techniques apply depending on the lifecycle phase of the model (training, deployment, inference, etc.).
Resources
Papers I Plan to Read
Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning
Intriguing Properties of Neural Networks
Tomorrow: I'll dive into Regression vs. Classification, and how each can be abused. Have you seen AI being misused in your domain? Let's connect.
Follow along, share your learnings, and drop ideas below!
Previous Post: Day 1
Day 2/100 of the #100DaysOfAISec Journey #AISecurity #MLSecurity #DeepLearning #CyberSecurity #100DaysChallenge #LearningInPublic #ArifLearnsAI