Protecting CoreML models against piracy - xcode

A lot of time goes into building a good machine learning model. When it is then converted to a CoreML model and shipped with an iOS app, supposedly it will be rather easy to extract it from the app that is available for download on the App Store, right?
Any ideas on how to make the extraction at least a little bit harder?

It is really easy to extract the mdoel from the app. Just copy-paste the mlmodelc folder into your own app and you can use the model.
To protect the model you'll have to encrypt it in some way. There is no easy API for this.
You may want to weigh the effort of protecting your models against the risk. What is the likelihood someone will steal your model?
Your model is your intellectual property. If you find that another app is using your model, they are infringing your IP rights and you can sue them for damages. That in itself should already be a deterrent against people stealing your model.

Found a research paper 'Protect your Deep Neural Networks from Piracy' by Mingliang Cheng and Min Wu (paper on researchgate.net) that looks very promising.

Related

What are the steps of using historical chat data in RASA

There's a crucial part in the process that says, the best place for the chatbot to learn is from real users, what if I already have that data, and would like to test the model on it.
Think of Interactive Learning, but in scale and possibly automated. Does such a feature already exist within RASA?
Think of Interactive Learning, but in scale and possibly automated.
Are you referring to something like reinforcement learning? Unfortunately something like that currently doesn't exist. Measuring the success of conversations is a tough problem (e.g. some users might give you positive feedback when the bot solved their problem, while others would simply leave the conversation). Something like external business metrics could do the trick (e.g. whether the user turned out buying something from you within the next 24h), but it's still hard. Another problem is that you probably want to have some degree of control over how your chatbot interacts with your users. Training the bot on user conversations without any double checking could potentially lead to problems (e.g. Microsoft once had an AI trained on Twitter data, which didn't turn out well).
Rasa is offering Rasa X for learning from real conversations. The community edition is a free, closed source product which helps you monitor and annotate real user conversations quickly.
Disclaimer: I am a software engineer working at Rasa.

Wondering who gets to see my source/data in the cloud

Let us assume I have few ideas that I don't want stolen and I am willing to pay a reasonable price.
There are instances like this:
http://www.pcmag.com/article2/0,2817,2369188,00.asp
or the facebook story, or the early apple/xerox story.
which could happen in cloud services like ec2, heroku, linode, azure etc.
Assuming I have a good mix of interpreted/compiled code, how can I protect my source and ideas from being stolen? I know I am not really idea rich nor is there some source thief on the loose. I just have this nagging feeling about putting source code in the cloud, which I am sure some of you also have or didn't care much about.
Would disk encryption help? What are my choices (other than building my own mini data center?)
If you are hosting your code in the cloud at some point you will need to trust your host. Otherwise you'll be doing the hosting yourself. True, any host that has your code may be able to take the code and use it, but if you choose a host that seems trustworthy, has a good reputation, and many other satisfied customers you can probably wager that your code will be secure.
Encrypting things on disk might help - it depends what you're encrypted and how you use it. Do you need your data to be unencrypted at some point to work on it? Is your data only transferred from one place to another? How much damage could an adversary do if they got a hold of your data?
You may be interested in this answer, which outlines several options.

getting started with Single Sign On / Windows Authentication

First off, The Problem:
We have a Web App with a Flash front-end that talks to our ASP.NET web service via SOAP which then deals with all of our server side code (C#).
Right now, we implement a simple user sign on in our application, storing the info in our MSSQL DB.
A client has requested what I understand to be Windows authentication through our application using the currently logged in user.
So, I have been tasked with investigating this. Nobody, including myself, has any experience in this area.
I have been reading up on some basic Active Directory information, and some simple tutorials. I understand how to get access to the directory using ADSI through code. What I'm really interested in seeing is how the entire thing should be architected. I don't want to throw together a hacky solution.
Does anyone know of a good tutorial for this kind of thing or have any advice on getting started? More importantly, does this even sound viable?
I know I haven't given much information, but feel free to ask and I will provide answers.
Thanks.
Edit:
Will, to give you an idea of the scope of this, the network will include every computer in a large hospital. So yes, this is huge. Clearly I need to start small. I would like to come up with something that will work at my office first. Maybe ~10 Windows computers on a single domain. One Domain Controller.
I am also open to any good books on the subject.
If you are going to tie into Active Directory you will want to take a look at the System.DirectoryServices namespace. The implementations can vary wildly depending on your system architecture, but this should give you a good starting point.
Enjoy!

Do you think ASP.Net Dynamic Data is worth it?

At the risk of sounding misinformed, I'm under the belief that this is basically useful for RAD and fast sketching of an application.
It feels somewhat Ruby-esque in the sense that it scaffolds pretty much everything you need from a CRUD application. Easier work for us, right; and most people are none the wiser.
I'm fairly green in the workplace, I just start working at an actual job as a developer (cubicles and free coffee) so my opinions might be a bit on the green side, but I'd love some comments from more senior people.
Is this somewhere between MVC2(basic scaffolding) and Microsoft Lightswitch(wizard-driven development)? Is it worth ivesting in?
Personally I like to use Dynamic Data for admin pages, those pages that nobody actually gets to see but need to be there in a usable way for some admin user. In the past those used to take quite some effort on the dev team to craft together but with Dynamic Data it's an almost out of the box experience.
I suggest you take a look at Tailspin travel which is an application in MVC 2 but uses Dynamic Data, integrated in the same UI project, for the admin side.
I was skeptical at first, but now I use Dynamic Data almost as much as I do "standard" ASP.NET sites. Out of the box, it's pretty generic, but it's customizable, and you can include standard ASP.NET pages in it.
At first, I would use it as a separate Admin site when I needed a "back door" into the data from a "standard" app. Lately, however, my approach has been to do some more planning, and decide which of the tables I would like users to access via the Dynamic Data mechanisms, and which data I want more fine control over. You can scaffold only the table you want, and this works good for "lookup" tables where you want an end user to be able to add/delete. An example would be in our email coupon program, where customers can sign up to receive coupons via email. They can choose their coupon categories - hot foods, beverages, gas, produce, etc. The administrator of the overall coupon program needs to be able to add and remove categories, and Dynamic Data is WONDERFUL for this sort of thing.
Dynamic data takes care of the data validation (a huge plus for security AND usability), mapping our relationships (a HUGE time saver) and just "does it right". In the business environment, security and productivity are two very real concerns that are handled poorly by most developers, and Dynamic Data seems to handle the basics well.
So yes, I do think it's worth it. It's very powerful and an excellent tool to have in your toolbox, but one that should be wielded with skill, which takes time and practice. And it should not be the only tool in your toolbox.
One of the best uses I've heard for Dynamic Data was to quickly build up an Django-like admin section for a site. It doesn't have to be "perfect" since it isn't aimed at users, but it does give you some nice usability quickly and easily.
I know very little about it but it doesn't sounds like something I would consider. Whenever I work on a an application we tend to follow some basic architectural guidelines such as layering/reusability etc. Typically I tend to get away from shortcut tools/frameworks as this one. There are a lot of "neat" tools that are available in the .NET world that have their place in certain small business/internal app space perhaps, but are not a great idea for a well designed application. For example embedding SQL into the datasource controls that can be bound directly to GridViews, etc.

How can I get some outside input on my web app's robustness?

I am looking to get some outside eyes to do black-box testing on a simple webform-based experiment/game I made. uTest looks very good, but it's aimed at companies with lots of cash, whereas my app is just a small-time academic research project. I want to make sure that my app won't break easily, and that it's resistant against basic reverse engineering/manipulation. This is not a mission critical project, since there are no financial transactions or exchanges of confidential data taking place. However, I might eventually give out small prizes to people based on their scores, and I don't want cheaters to come out ahead.
Any suggestions for affordable black box testing?
You could try Chorizo. It's free for one host. It's primarily aimed at PHP apps but you can use it to test any kind of website for XSS and similar vulnerabilities. Just requires you to verify that you are the owner and then you setup a proxy and start browsing.

Resources