Supply Chain Attacks

3min

AI supply chain attacks occur when an attacker modifies or replaces a machine learning library or model used by a system. This can also encompass alterations to the data associated with these machine learning models.  To start Working with the APIs, view the <POST> Supply Chain Attacks﻿.
Features
 Model and Notebook Detection
The system automatically recognizes AI/ML models and notebooks within a specified repository. 
Supported model file formats include h5, pickle, saved model (.pb), safetensor model (.safetensor), and PyTorch model files (.pt and .pth). 
Additionally, it supports Jupyter Notebooks (.ipynb), Python scripts (.py), and requirements files (.requirements.txt).
Scanning
The system conducts comprehensive scans of models and notebooks to identify potential safety and security concerns.
Report Generation
The system generates detailed reports that classify the scanned files based on risk levels: "low," "medium," "high," and "critical."
Supported Repositories
 AIShield Watchtower supports integration with GitHub and Hugging Face, enabling automated scanning of Git repositories and Hugging Face to detect potential risks.
﻿
User Interface (UI)
 Offers an intuitive user interface for conducting repository scans.
Parameter
Parameter
Data Type
Description
Remark
repo_type
String
The name of the repository that needs to be scanned. 
Please provide the name of the repository that needs to be scanned. accepted values are 'github', 'huggingface'. 
repo_url
String
Please provide the URL of the repository to be cloned. 
For huggingface you can provide either repository name or full url of repository.
branch_name
String
Please specify the branch of the repository to be analyzed 
If no branch is specified, the default branch 'main' will be used for the analysis. 
depth
Integer
Please specify the depth for cloning the repository 
The default depth is 1, which indicates that only the latest commit will be cloned. 
upload_file
String
Please specify 'yes' to upload files for vulnerability scanning; otherwise, specify 'no'. The default value is 'no'. 
If this parameter is set to 'yes', the 'model_files' parameter is required. 
model_id
String
Please provide the model ID to upload files to the correct location 
The "model ID" is obtained during model registration.
model_file
String
Please provide the filenames you want to upload, separated by commas. 
The model filename must be selected from the API response when only repo_type, repo_url, branch_name, and depth are provided. 
files
String
Please provide the filenames you want to upload, separated by commas. 
The filename must be selected from the API response when only repo_type, repo_url, branch_name, and depth are provided. 
﻿
API Usage
The API serve Dual Purposes
 When parameters such as 'repo_type', 'repo_url', 'branch_name', and 'depth' are provided, the API returns a JSON response containing two lists: detected_files and detected_models. These lists include all the models and files detected in the repository.
Text
{
    "detected_files": [
        "In/repo_dir/sample_notebook_files/classification_notebook.ipynb",
        "In/repo_dir/sample_notebook_files/generic.ipynb",
        "In/repo_dir/sample_notebook_files/prediction_notebook.ipynb",
        "In/repo_dir/sample_notebook_files/safe_notebook.ipynb",
        "In/repo_dir/sample_notebook_files/timeseries_notebook.ipynb"
    ],
    "detected_models": [
        "In/repo_dir/sample_model_files/model_99.h5",
        "In/repo_dir/sample_model_files/malicious_model_lambda.h5",
        "In/repo_dir/sample_model_files/sample_pickle.pkl",
        "In/repo_dir/sample_model_files/malicious_model_custom_layer.h5",
        "In/repo_dir/sample_model_files/model_01.h5",
        "In/repo_dir/sample_model_files/safe_model.h5",
        "In/repo_dir/sample_model_files/model_with_pickled_data.h5",
        "In/repo_dir/sample_model_files/pb_files/linear_model.pb",
        "In/repo_dir/sample_model_files/pb_files/malicious_model_read_modified.pb",
        "In/repo_dir/sample_model_files/pb_files/malicious_model_unsafe_write_modified.pb"
    ],
    "status": 200
}
{
    "detected_files": [
        "In/repo_dir/sample_notebook_files/classification_notebook.ipynb",
        "In/repo_dir/sample_notebook_files/generic.ipynb",
        "In/repo_dir/sample_notebook_files/prediction_notebook.ipynb",
        "In/repo_dir/sample_notebook_files/safe_notebook.ipynb",
        "In/repo_dir/sample_notebook_files/timeseries_notebook.ipynb"
    ],
    "detected_models": [
        "In/repo_dir/sample_model_files/model_99.h5",
        "In/repo_dir/sample_model_files/malicious_model_lambda.h5",
        "In/repo_dir/sample_model_files/sample_pickle.pkl",
        "In/repo_dir/sample_model_files/malicious_model_custom_layer.h5",
        "In/repo_dir/sample_model_files/model_01.h5",
        "In/repo_dir/sample_model_files/safe_model.h5",
        "In/repo_dir/sample_model_files/model_with_pickled_data.h5",
        "In/repo_dir/sample_model_files/pb_files/linear_model.pb",
        "In/repo_dir/sample_model_files/pb_files/malicious_model_read_modified.pb",
        "In/repo_dir/sample_model_files/pb_files/malicious_model_unsafe_write_modified.pb"
    ],
    "status": 200
}
﻿
When additional parameters such as 'upload_file', 'model_id', 'model_files', and 'files 'are included along with the above parameters, the API will upload the selected files to storage, allowing you to start model analysis. 
Text
{
    "file_upload_status": "Not Applicable",
    "model_upload_status": "successful",
    "status": 200
}
{
    "file_upload_status": "Not Applicable",
    "model_upload_status": "successful",
    "status": 200
}
﻿
Note: When 'upload_file' is set to 'yes', the 'model_id' and 'model_files' parameters are required. 'model_files' and 'files' parameters value to be selected from 'detected_files' and 'detected_models' list only.
Limitation
AIShield Watchtower currently supports only public Git and Huggingface repositories.
If a model fails to load, the associated risk is automatically classified as LOW.
Currently, we are unable to load PyTorch models that incorporate custom objects. This limitation specifically impacts models that have been designed with custom layers or functions not included in the standard PyTorch library. 
If you encounter a timeout error due to a repository link taking more than 29 seconds to clone, please wait for 5 minutes before proceeding to the next steps. Alternatively, you can try cloning a smaller repository. This issue is expected to be resolved in the next release.
We are unable to load all models from the safetensors or transformer-based categories. However, models that can be loaded from the following list are supported and function correctly. We plan to expand this list as we incorporate more model types:
Python
model_classes = [
    AutoModel, AutoModelForSequenceClassification, AutoModelForTokenClassification,
    AutoModelForQuestionAnswering, AutoModelForCausalLM, AutoModelForMaskedLM,
    AutoModelForSeq2SeqLM, AutoModelForMultipleChoice, AutoModelForImageClassification,
    AutoModelForImageSegmentation, AutoModelForVision2Seq, AutoModelForAudioClassification,
    AutoModelForDocumentQuestionAnswering
]
model_classes = [
    AutoModel, AutoModelForSequenceClassification, AutoModelForTokenClassification,
    AutoModelForQuestionAnswering, AutoModelForCausalLM, AutoModelForMaskedLM,
    AutoModelForSeq2SeqLM, AutoModelForMultipleChoice, AutoModelForImageClassification,
    AutoModelForImageSegmentation, AutoModelForVision2Seq, AutoModelForAudioClassification,
    AutoModelForDocumentQuestionAnswering
]
﻿
﻿
﻿
To access all sample artifacts, please visit Artifacts﻿. 
For specific artifact details,  refer 
Vulnerability Report : Vulnerability Report﻿ 
﻿

Parameter	Data Type	Description	Remark
repo_type	String	The name of the repository that needs to be scanned.	Please provide the name of the repository that needs to be scanned. accepted values are 'github', 'huggingface'.
repo_url	String	Please provide the URL of the repository to be cloned.	For huggingface you can provide either repository name or full url of repository.
branch_name	String	Please specify the branch of the repository to be analyzed	If no branch is specified, the default branch 'main' will be used for the analysis.
depth	Integer	Please specify the depth for cloning the repository	The default depth is 1, which indicates that only the latest commit will be cloned.
upload_file	String	Please specify 'yes' to upload files for vulnerability scanning; otherwise, specify 'no'. The default value is 'no'.	If this parameter is set to 'yes', the 'model_files' parameter is required.
model_id	String	Please provide the model ID to upload files to the correct location	The "model ID" is obtained during model registration.
model_file	String	Please provide the filenames you want to upload, separated by commas.	The model filename must be selected from the API response when only repo_type, repo_url, branch_name, and depth are provided.
files	String	Please provide the filenames you want to upload, separated by commas.	The filename must be selected from the API response when only repo_type, repo_url, branch_name, and depth are provided.

Updated 01 Aug 2024

Did this page help you?

Analyze your models

Image