Leading cloud providers AWS and Azure are building an ecosystem of tools along with cloud infrastructure. Today, cloud-based applications are powering a number of uses — navigating ships carrying cargo, connecting online and offline retail markets, machine learning in fintech for fraud detection and many more.
But when it comes to security, cloud services still have a lot to improve. This time the flaw in cloud security came from a different premise. In a study conducted by a team at Baidu X-Lab, the top cloud service providers like Google and Microsoft faltered in securing their cloud based image classifier services.
How Flawed Is The Service
The authors in this paper begin by writing that cloud-based image classification service is not robust to simple transformations such as Gaussian Noise, Salt-and-Pepper Noise ,Rotation And Monochromatization.
In order to show the vulnerabilities looming cloud services, the researchers devised an attack called Image Fusion(IF). This attack can be implemented with something as simple as OpenCV and the results show that this attack is impenetrable.
In a bold move, the researchers also choreographed a simple transformation(ST) attack on cloud providing giants like Google, Amazon and Microsoft.
Image Fusion attack is a technique that applies a certain background image to the original image. Background image often contains rich high-frequency signals. So similar to noising, this technique makes image structural information difficult to extract.
Visualizing convolution feature map of a model working on an image of cat, post image fusion attack, the researchers found the features extracted by convolution already contain a large amount of information of background image, and the feature information of the original image to be seriously damaged.
The above figure is an illustration of how image fusion attack changes the output from ‘cat’ to ‘people’.
Defending Such Attacks
The results show that ST attacks were able to effectively degrade the performance of cloud-based image classification services including Amazon, Google, Microsoft, Clarifai. Gaussian Noise and salt-and-Pepper Noise attacks have a success rate of approximately 100% except in the case of Amazon.
The above figure illustrates how the top providers cope up with the attacks. Amazon, which labels above 50% of all images of 4 ST attacks correctly, has done a better job than other cloud platforms.
The authors observe that simple transformation(ST) attack is a common image information method. And, a model can be improved when ST is teamed up with techniques like Random Rotation, Random Grayscale, Random Horizontal Flip, Random Resize and Crop and Noise filter during the data augmentation stages of building a model.
For instance, to defend from a rotation attack (read attack as flaw in output), it is recommended to randomly rotate the image at a certain angle.
Undeniably, cloud offers more flexibility. Thanks to its elasticity, if there is a need for extra bandwidth, a cloud-based service can meet that demand instantly, rather than undergoing a complex (and expensive) infrastructure upgradation.
Data sharing to entities external to organisation gets easier with cloud. Customers no longer need permission to come inside the firewall and they can simply access the dashboards
Even if there is a new policy against the use of some metadata, there is no need to have any downtime as cloud makes it easier to meet government compliance requirements.
But, vulnerabilities such as discussed above, puts cloud services under a tight spot as the image processing tasks are quite crucial in machine learning task. From self driving cars to identifying cancer cells, images as data is almost ubiquitous. The recommendations made in this paper are supposed to highlight the drawbacks of cloud services while offering solutions for the same.
Read more about the work here.