Abstract: A system for performing an assessment of the robustness and resilience of an examined original ML model against model extraction attacks includes a computerized device having at least one processor, which is adapted to: train multiple candidate models MC with the external dataset D for each of the specified candidate learning algorithms a in Alg, where each candidate substitute model is trained on a subset of D corresponding to the evaluated ith query limit of the query budget constraint Q; evaluate the performance of each substitute model MC according to different evaluation methods ?Evaluation; and calculate the robustness of each substitute model, where smaller difference or high agreement/similarity rate between the performance of the original model and the substitute model indicates that the original and substitute models are similar to each other.

Abstract: A system for bias estimation in Artificial Intelligence (AI) models using a pre-trained unsupervised deep neural network, comprising a bias vector generator implemented by at least one processor that executes an unsupervised DNN with a predetermined loss function. The bias vector generator is adapted to store a given ML model to be examined, with predetermined features; store a test-set of one or more test data samples being input data samples; receive a feature vector consisting of one or more input samples; output a bias vector indicating the degree of bias for each feature, according to said one or more input samples. The system also comprises a post-processor which is adapted to receive a set of bias vectors generated by said bias vector generator; process said bias vectors; calculate a bias estimation for every feature of said ML model, based on predictions of said ML model; provide a final bias estimation for each examined feature.

Abstract: A system for the assessment of robustness and fairness of AI-based ML models, comprising a data/model profiler for creating an evaluation profile in the form of data and model profiles, based on the dataset and the properties of the ML model; a test recommendation engine that receives data and model profiles from the data/model profiler and recommends the relevant tests to be performed; a test repository that contains all the tests that can be examined; a test execution environment for gathering data related to all the tests that were recommended by the test recommendation engine; a final fairness score aggregation module for aggregating the executed tests results into a final fairness score of the examined model and dataset.

Abstract: A system for testing Machine Learning (ML) and deep learning models for robustness, and durability against adversarial bias and privacy attacks, comprising a Project Repository for storing metadata of ongoing projects each of which having a defined project policy, and created ML models and data sources being associated with the ongoing projects; a Secure Data Repository, for storing training and testing datasets and models used in each project for evaluating the robustness of the each project; a Data/Model Profiler for creating a profile, based on the settings and configurations of the datasets and the models; a Test Recommendation Engine for recommending the relevant and most indicative attacks/tests for each examined model and for creating indicative and effective test suites; a Test/Attack Ontology module for storing all attacks/tests with their metadata and mapping the attacks/tests to their corresponding settings and configurations; an Attack Repository for storing the implemented tests/attacks.

Abstract: Methods and systems for analyzing encrypted traffic, such as to identify, or “classify,” the user actions that generated the traffic. Such classification is performed, even without decrypting the traffic, based on features of the traffic. Such features may include statistical properties of (i) the times at which the packets in the traffic were received, (ii) the sizes of the packets, and/or (iii) the directionality of the packets. To classify the user actions, a processor receives the encrypted traffic and ascertains the types (or “classes”) of user actions that generated the traffic. Unsupervised or semi-supervised transfer-learning techniques may be used to perform the classification process. Using transfer-learning techniques facilitates adapting to different runtime environments, and to changes in the patterns of traffic generated in these runtime environments, without requiring the large amount of time and resources involved in conventional supervised-learning techniques.