Various example embodiments relate to improved robustness of artificial intelligence or machine learning capabilities against compromised input. More specifically, various example embodiments exemplarily relate to measures (including methods, apparatuses and computer program products) for realizing improved robustness of artificial intelligence or machine learning capabilities against compromised input.
The present specification generally relates to networks, more particularly mobile networks or cellular networks, providing and/or utilizing artificial intelligence (AI)/machine learning (ML) capabilities.
In present mobile networks or cellular networks, AI/ML algorithms are applied to be used for various network optimizations.
Such network optimizations include, for example, network energy saving, load balancing, and mobility optimization.
Network energy saving is an important use case which may involve different layers of the network, with mechanisms operating at different time scales. Cell activation/deactivation is an energy saving scheme in the spatial domain that exploits traffic offloading in a layered structure to reduce the energy consumption of the whole radio access network (RAN). When the expected traffic volume is lower than a fixed threshold, the cells may be switched off, and the served user equipments (UE) may be offloaded to a new target cell. Efficient energy consumption can also be achieved by other means such as reduction of load, coverage modification, or other RAN configuration adjustments. The optimal energy saving decision depends on many factors including the load situation at different RAN nodes, RAN nodes capabilities, key performance indicator (KPI)/quality of service (QoS) requirements, number of active UEs, UE mobility, cell utilization, etc.
The objective of load balancing is to distribute load evenly among cells and among areas of cells, or to transfer part of the traffic from congested cells or from congested areas of cells, or to offload users from one cell, cell area, carrier, or radio access technology (RAT) to improve network performance. This can be done by means of optimization of handover parameters and handover actions. The automation of such optimization can provide high quality user experience, while simultaneously improving the system capacity and also to minimize human intervention in the network management and optimization tasks.
Mobility optimization is a scheme to guarantee service-continuity during the mobility by minimizing the call drops, radio link failures (RLF), unnecessary handovers, and handover ping-pong. For the applications characterized with the stringent QoS requirements such as reliability, latency etc., the quality of experience (QoE) is sensitive to the handover performance, so that mobility management should avoid unsuccessful handover and reduce the latency during handover procedure. However, for the conventional method, it is challengeable for trial-and-error-based scheme to achieve nearly zero-failure handover. The unsuccessful handover cases are the main reason for packet dropping or extra delay during the mobility period, which is unexpected for the packet-drop-intolerant and low-latency applications. In addition, the effectiveness of adjustment based on feedback may be weak due to randomness and inconstancy of transmission environment.
One property of such AI/ML algorithms is that data received/retrieved from various network entities is utilized by the AI/ML algorithms. In particular, different inputs from UEs (like RLF reports, minimization of drive tests (MDT) reports, etc.) can be consumed by various AI/ML algorithms.
The various network entities include, for example, UEs (e.g. terminals), which are out of access by network operators or network infrastructure equipment producers.
Currently, due to provisioning of UEs to actively contribute to the AI/ML operations, various attack scenarios can be envisioned especially when the involved UEs are compromised.
For instance,
While UE abnormal behavior may be detected, no mechanism to detect compromised UEs which are attacking the AI/ML services using false/manipulated training data or hyperparameters exists.
However, if any of the involved UEs is compromised, it is likely that this compromised UEs' inputs negatively impact the AI/ML algorithms, and, subsequently, affect the automated network optimizations that rely on these algorithms.
Such compromised UEs may impact, for example
Hence, the problem arises that mobile networks or cellular networks utilizing AI/ML algorithms for various network optimizations are vulnerable with respect to compromised network entities' inputs and in particular with respect to (the inputs of) compromised UEs.
Hence, there is a need to provide for improved robustness of artificial intelligence or machine learning capabilities against compromised input.
Various example embodiments aim at addressing at least part of the above issues and/or problems and drawbacks.
Various aspects of example embodiments are set out in the appended claims.
According to an exemplary aspect, there is provided a method of a radio access network entity, the method comprising receiving, from a first machine learning model training data collection entity, first machine learning model training input data, analyzing said first machine learning model training input data for malicious input detection, deducing, based on a result of said analyzing, whether said first machine learning model training data collection entity is suspected to be compromised, and transmitting, if said first machine learning model training data collection entity is suspected to be compromised, information to a core network entity indicative of that said first machine learning model training data collection entity is suspected to be compromised.
According to an exemplary aspect, there is provided a method of a core network entity, the method comprising receiving, from a first radio access network entity, information indicative of that a first machine learning model training data collection entity is suspected to be compromised, receiving information indicative of that said first machine learning model training data collection entity is handed over towards a second radio access network entity, and transmitting, to said second radio access network entity, information indicative of that said first machine learning model training data collection entity is suspected to be compromised.
According to an exemplary aspect, there is provided a method of a machine learning model training entity, the method comprising receiving, from a plurality of machine learning model training data collection entities, machine learning model training input data and/or machine learning model hyperparameter data, transmitting, towards an analytics service provider entity, a subscription request for malicious input detection analysis results, receiving, from said analytics service provider entity, a subscription request for machine learning model training related information, and transmitting, towards said analytics service provider entity, said machine learning model training related information.
According to an exemplary aspect, there is provided a method of an analytics service provider entity, the method comprising receiving, from a machine learning model training entity, a subscription request for malicious input detection analysis results, transmitting, to said machine learning model training entity, a subscription request for machine learning model training related information, and receiving, from said machine learning model training entity, said machine learning model training related information.
According to an exemplary aspect, there is provided an apparatus of a radio access network entity, the apparatus comprising receiving circuitry configured to receive, from a first machine learning model training data collection entity, first machine learning model training input data, analyzing circuitry configured to analyze said first machine learning model training input data for malicious input detection, deducing circuitry configured to deduce, based on a result of said analyzing, whether said first machine learning model training data collection entity is suspected to be compromised, and transmitting circuitry configured to transmit, if said first machine learning model training data collection entity is suspected to be compromised, information to a core network entity indicative of that said first machine learning model training data collection entity is suspected to be compromised.
According to an exemplary aspect, there is provided an apparatus of a core network entity, the apparatus comprising receiving circuitry configured to receive, from a first radio access network entity, information indicative of that a first machine learning model training data collection entity is suspected to be compromised, and to receive information indicative of that said first machine learning model training data collection entity is handed over towards a second radio access network entity, and transmitting circuitry configured to transmit, to said second radio access network entity, information indicative of that said first machine learning model training data collection entity is suspected to be compromised.
According to an exemplary aspect, there is provided an apparatus of a machine learning model training entity, the apparatus comprising receiving circuitry configured to receive, from a plurality of machine learning model training data collection entities, machine learning model training input data and/or machine learning model hyperparameter data, and transmitting circuitry configured to transmit, towards an analytics service provider entity, a subscription request for malicious input detection analysis results, wherein said receiving circuitry is configured to receive, from said analytics service provider entity, a subscription request for machine learning model training related information, and said transmitting circuitry is configured to transmit, towards said analytics service provider entity, said machine learning model training related information.
According to an exemplary aspect, there is provided an apparatus of an analytics service provider entity, the apparatus comprising receiving circuitry configured to receive, from a machine learning model training entity, a subscription request for malicious input detection analysis results, and transmitting circuitry configured to transmit, to said machine learning model training entity, a subscription request for machine learning model training related information, wherein said receiving circuitry is configured to receive, from said machine learning model training entity, said machine learning model training related information.
According to an exemplary aspect, there is provided an apparatus of a radio access network entity, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform receiving, from a first machine learning model training data collection entity, first machine learning model training input data, analyzing said first machine learning model training input data for malicious input detection, deducing, based on a result of said analyzing, whether said first machine learning model training data collection entity is suspected to be compromised, and transmitting, if said first machine learning model training data collection entity is suspected to be compromised, information to a core network entity indicative of that said first machine learning model training data collection entity is suspected to be compromised.
According to an exemplary aspect, there is provided an apparatus of a core network entity, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform receiving, from a first radio access network entity, information indicative of that a first machine learning model training data collection entity is suspected to be compromised, receiving information indicative of that said first machine learning model training data collection entity is handed over towards a second radio access network entity, and transmitting, to said second radio access network entity, information indicative of that said first machine learning model training data collection entity is suspected to be compromised.
According to an exemplary aspect, there is provided an apparatus of a machine learning model training entity, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform receiving, from a plurality of machine learning model training data collection entities, machine learning model training input data and/or machine learning model hyperparameter data, transmitting, towards an analytics service provider entity, a subscription request for malicious input detection analysis results, receiving, from said analytics service provider entity, a subscription request for machine learning model training related information, and transmitting, towards said analytics service provider entity, said machine learning model training related information.
According to an exemplary aspect, there is provided an apparatus of an analytics service provider entity, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform receiving, from a machine learning model training entity, a subscription request for malicious input detection analysis results, transmitting, to said machine learning model training entity, a subscription request for machine learning model training related information, and receiving, from said machine learning model training entity, said machine learning model training related information.
According to an exemplary aspect, there is provided an apparatus comprising means for performing the method according to any one of the aforementioned method-related exemplary aspects of the present disclosure.
According to an exemplary aspect, there is provided a computer program comprising instructions, which, when executed by an apparatus, cause the apparatus to perform the method according to any one of the aforementioned method-related exemplary aspects of the present disclosure.
According to an exemplary aspect, there is provided a computer program product comprising computer-executable computer program code which, when the program is run on a computer (e.g. a computer of an apparatus according to any one of the aforementioned apparatus-related exemplary aspects of the present disclosure), is configured to cause the computer to carry out the method according to any one of the aforementioned method-related exemplary aspects of the present disclosure.
Such computer program product may comprise (or be embodied) a (tangible) computer-readable (storage) medium or the like on which the computer-executable computer program code is stored, and/or the program may be directly loadable into an internal memory of the computer or a processor thereof.
Any one of the above aspects enables efficient countermeasures against inputs of compromised network entities', their influence on such AI/ML algorithms utilized in (e.g.) mobile/cellular networks, and their influence on network optimizations utilizing such AI/ML algorithms, to thereby solve at least part of the problems and drawbacks identified in relation to the prior art.
By way of example embodiments, there is provided improved robustness of artificial intelligence or machine learning capabilities against compromised input. More specifically, by way of example embodiments, there are provided measures and mechanisms for realizing improved robustness of artificial intelligence or machine learning capabilities against compromised input.
Thus, improvement is achieved by methods, apparatuses and computer program products enabling/realizing improved robustness of artificial intelligence or machine learning capabilities against compromised input.
In the following, the present disclosure will be described in greater detail by way of non-limiting examples with reference to the accompanying drawings, in which
The present disclosure is described herein with reference to particular non-limiting examples and to what are presently considered to be conceivable embodiments. A person skilled in the art will appreciate that the disclosure is by no means limited to these examples, and may be more broadly applied.
It is to be noted that the following description of the present disclosure and its embodiments mainly refers to specifications being used as non-limiting examples for certain exemplary network configurations and deployments. Namely, the present disclosure and its embodiments are mainly described in relation to 3GPP specifications being used as non-limiting examples for certain exemplary network configurations and deployments. As such, the description of example embodiments given herein specifically refers to terminology which is directly related thereto. Such terminology is only used in the context of the presented non-limiting examples, and does naturally not limit the disclosure in any way. Rather, any other communication or communication related system deployment, etc. may also be utilized as long as compliant with the features described herein.
Hereinafter, various embodiments and implementations of the present disclosure and its aspects or embodiments are described using several variants and/or alternatives. It is generally noted that, according to certain needs and constraints, all of the described variants and/or alternatives may be provided alone or in any conceivable combination (also including combinations of individual features of the various variants and/or alternatives).
According to example embodiments, in general terms, there are provided measures and mechanisms for (enabling/realizing) improved robustness of artificial intelligence or machine learning capabilities against compromised input.
Data collection as referred to herein means a function that provides input data to AI/ML model training and AI/ML model inference functions. AI/ML algorithm specific data preparation (e.g., data pre-processing and cleaning, formatting, and transformation) is not carried out in the data collection function.
Examples of input data may include measurements from UEs or different network entities, feedback from an actor, output from an AI/ML model:
Model training as referred to herein means a function that performs the AI/ML model training, validation, and testing which may generate model performance metrics as part of the model testing procedure. The model training function is also responsible for data preparation (e.g., data pre-processing and cleaning, formatting, and transformation) based on training data delivered by a data collection function, if required. Model deployment/update is used to initially deploy a trained, validated, and tested AI/ML model to the model inference function or to deliver an updated model to the model inference function.
Model inference as referred to herein means a function that provides AI/ML model inference output (e.g., predictions or decisions). A model inference function may provide model performance feedback to a model training function when applicable. The model inference function is also responsible for data preparation (e.g., data pre-processing and cleaning, formatting, and transformation) based on inference data delivered by a data collection function, if required. An output of a model inference function is the inference output of the AI/ML model produced by a model inference function. Model performance feedback may be used for monitoring the performance of the AI/ML model, when available.
Actor as referred to herein means a function that receives the output from the model inference function and triggers or performs corresponding actions. The actor may trigger actions directed to other entities or to itself. Feedback from an actor is information that may be needed to derive training data, inference data or to monitor the performance of the AI/ML model and its impact to the network through updating of KPIs and performance counters.
Hyperparameters (model hyperparameters) as referred to herein mean a configuration that is external to the model and whose value cannot be estimated from data.
Hyperparameters are often used in processes to help estimate model parameters. Hyperparameters are often specified by the practitioner. Hyperparameters can often be set using heuristics. Hyperparameters are often tuned for a given predictive modeling problem.
As mentioned above, mobile/cellular networks utilizing AI/ML algorithms for various network optimizations are vulnerable with respect to compromised network entities' inputs and in particular with respect to (the inputs of) compromised UEs, as, dependent on the utilization of the inputs and the deviated network optimizations and the respective use cases, these potentially malicious inputs may have substantial impacts on the network operation.
This may even be amplified in view of the RAN's ability to share (compromised) UE information with each other, i.e., among entities of the RAN. For example, the RAN does not understand the subscription permanent identifier (SUPI) as a UE identity. The RAN just knows context (next generation (NG) context), and context to SUPI mapping is available only in the access and mobility management function (AMF).
Therefore, as a concrete example, if a gNB1 detects a UE with an identifier “NG Context-1” as not behaving correctly or as being compromised, then this “NG Context-1” has no meaning in the other gNBs, which, consequently cannot identify the UE being the source of potentially malicious information as a UE detected as not behaving correctly or as being compromised.
As a further concrete example, if the UE is identified as malicious UE at a gNB1, then the UE detaches and attaches back again at gNB2, then for gNB2, this is a fresh UE and previous analysis from gNB1 (including its identification as being malicious) will be lost.
Hence, in brief, according to example embodiments, measures to detect inputs received from compromised UEs towards AI/ML algorithms being used for various network optimizations is provided.
In particular, according to example embodiments, anomaly detection is applied during the pre-processing of data received by AI/ML algorithms.
This measure can detect clear outliers from the input data and eliminate the possible bias of input data in the pre-processing phase of AI/ML algorithms.
Further, according to example embodiments, the data received from UEs in similar locations are statistically correlated to detect slow biases from compromised UEs.
Namely, it is likely that compromised UEs intend to introduce slow biases in the input data consumed by AI/ML algorithms. Such slow biases can be difficult to detect and can affect the AI/ML based network optimizations. According to example embodiments, this measure, i.e., comparing the statistics of the input data received from various UEs in similar locations can help to identify such slow drifts in the data.
Further, according to example embodiments, for model trainings happening on multiple RAN nodes for the same network optimization, or for model trainings happening on a RAN Node and an operations, administration and maintenance (OAM) node for the same network optimization, the analysis done according to measures steps mentioned above (anomaly detection during pre-processing, statistical correlation) can be shared between the entities performing model trainings.
According to example embodiments, further, information on malicious UE behavior (e.g. specific to a particular model or particular analytics (e.g. “model X”/“analytics X”)) is shared to other network nodes, in particular other gNBs.
As a concrete example, when a gNB1 detects that the UE (context ID) is malicious, the gNB1 informs the AMF thereof. According to example embodiments, the AMF identifies the SUPI and marks the corresponding UE Context that the UE is not behaving correctly for the particular model or particular analytics (e.g. “model X”/“analytics X”).
Alternatively, according to example embodiments, the AMF obtains this information about the malicious UE from a network data analytics function (NWDAF) or the OAM for the particular model or particular analytics (e.g. “model X”/“analytics X”).
As a result, according to example embodiments, during the handover or UE attach phase, the AMF notifies the other gNB (to which the UE is handed over or to which the UE is attached) that this UE (UE Context) should not be considered for the particular model or particular analytics (e.g. “model X”/“analytics X”).
Example embodiments are specified below in more detail.
As shown in
In an embodiment at least some of the functionalities of the apparatus shown in
According to a variation of the procedure shown in
According to a variation of the procedure shown in
According to a variation of the procedure shown in
According to a variation of the procedure shown in
According to such variation, an exemplary method according to example embodiments may comprise an operation of negotiating a handover decision for a third second machine learning model training data collection entity towards said radio access network entity, an operation of receiving, from said core network entity, information indicative of that said third machine learning model training data collection entity is suspected to be compromised, and an operation of setting to ignore third machine learning model training input data from said third machine learning model training data collection entity.
According to further example embodiments, said machine learning model training data collection entity comprises a user equipment, is a user equipment, or is comprised in a user equipment.
As shown in
In an embodiment at least some of the functionalities of the apparatus shown in
According to a variation of the procedure shown in
According to a variation of the procedure shown in
According to further example embodiments, said first machine learning model training data collection entity comprises a user equipment, is a user equipment, or is comprised in a user equipment.
As shown in
In an embodiment at least some of the functionalities of the apparatus shown in
Therefore, the apparatus may be seen to depict the operational entity comprising one or more physically separate devices for executing at least some of the described processes.
According to further example embodiments, said machine learning model training related information includes at least one of
According to a variation of the procedure shown in
According to such variation, an exemplary method according to example embodiments may comprise an operation of receiving, from said analytics service provider entity, said malicious input detection analysis results.
According to further example embodiments, said malicious input detection analysis results include at least one of
According to further example embodiments, said machine learning model training data collection entity comprises a user equipment, is a user equipment, or is comprised in a user equipment.
According to further example embodiments, said machine learning model training entity comprises a network function service consumer, is a network function service consumer, or is comprised in a network function service consumer.
As shown in
In an embodiment at least some of the functionalities of the apparatus shown in
According to further example embodiments, said machine learning model training related information includes at least one of
According to a variation of the procedure shown in
According to a variation of the procedure shown in
According to further example embodiments, said malicious input detection analysis results include at least one of
According to a variation of the procedure shown in
According to further example embodiments, said machine learning model training entity comprises a user equipment, is a user equipment, or is comprised in a user equipment.
According to further example embodiments, said analytics service provider entity comprises a network data analytics function, is a network data analytics function, or is comprised in a network data analytics function.
Example embodiments outlined and specified above are explained below in more specific terms.
In
The intention of this compromised UE is to send corrupted model training data to both NG-RANs, which could result in corruption of the models in the NG-RANs. “NG-RAN node 1” and “NG-RAN node 2” are assumed to have the AI/ML model training functionality.
In a step 1 of
In a step 2 of
In a step 3 of
In a step 4 of
In a step 5 of
In a step 6 of
According to example embodiments, the measures of steps 5 and 6 of
In a step 7 of
In steps 8 and 9 of
In a step 10 of
In a step 11 of
In a step 12 of
In steps 13 and 14 of
In a step 15 of
In a step 16 of
In a step 17 of
In a step 18 of
As the AMF/Core is aware of UEs behaving malicious for a particular analytics/model (e.g. “analytics X”/“model X”), when such a UE freshly attaches to the gNB where the particular analytics/model (e.g. “analytics X”/“model X”) is running, according to example embodiments, the AMF informs the gNB to exclude the UE for the particular analytics/model (e.g. “analytics X”/“model X”).
According to further example embodiments, the NG-RAN node 2 exchanges the data pre-processor information with respect to the UE specific data validity. This pre-processor information needs to be exchanged via the core network (e.g. AMF). If the particular models exist in multiple NG-RAN nodes, then the data pre-processor can exchange the information about the UE specific training data validity and enhance the data pre-processor to detect the compromised UEs.
In a step 1 of
In a step 2 of
In a step 3 of
In a step 4a of
Alternatively or in addition, in a step 4b of
In a step 5 of
In a step 6 of
In a step 7 of
In a step 8 of
It is noted that currently the FL happens between UE and a third-party AF, and the above explanation is primarily directed to such scenario. However, example embodiments as explained above are also applicable to deviating scenarios, e.g. when the FL happens in later releases between the UE and 5G Core NFs.
According to example embodiments, advantageously, compromised UEs attempting to send corrupt data towards AI/ML services can be detected, and input from such devices can be ignored. This can help eliminating any negative impacts of compromised UEs on AI/ML based network optimizations.
According to example embodiments, advantageously, if possible, such devices, i.e., compromised UEs attempting to send corrupt data towards AI/ML services, can be isolated.
The above-described procedures and functions may be implemented by respective functional elements, processors, or the like, as described below.
In the foregoing exemplary description of the network entity, only the units that are relevant for understanding the principles of the disclosure have been described using functional blocks. The network entity may comprise further units that are necessary for its respective operation. However, a description of these units is omitted in this specification. The arrangement of the functional blocks of the devices is not construed to limit the disclosure, and the functions may be performed by one block or further split into sub-blocks.
When in the foregoing description it is stated that the apparatus, i.e. network node or entity (or some other means) is configured to perform some function, this is to be construed to be equivalent to a description stating that a (i.e. at least one) processor or corresponding circuitry, potentially in cooperation with computer program code stored in the memory of the respective apparatus, is configured to cause the apparatus to perform at least the thus mentioned function. Also, such function is to be construed to be equivalently implementable by specifically configured circuitry or means for performing the respective function (i.e. the expression “unit configured to” is construed to be equivalent to an expression such as “means for”).
In
The processor 131 and/or the interface 133 may also include a modem or the like to facilitate communication over a (hardwire or wireless) link, respectively. The interface 133 may include a suitable transceiver coupled to one or more antennas or communication means for (hardwire or wireless) communications with the linked or connected device(s), respectively. The interface 133 is generally configured to communicate with at least one other apparatus, i.e. the interface thereof.
The memory 132 may store respective programs assumed to include program instructions or computer program code that, when executed by the respective processor, enables the respective electronic device or apparatus to operate in accordance with the example embodiments.
In general terms, the respective devices/apparatuses (and/or parts thereof) may represent means for performing respective operations and/or exhibiting respective functionalities, and/or the respective devices (and/or parts thereof) may have functions for performing respective operations and/or exhibiting respective functionalities.
When in the subsequent description it is stated that the processor (or some other means) is configured to perform some function, this is to be construed to be equivalent to a description stating that at least one processor, potentially in cooperation with computer program code stored in the memory of the respective apparatus, is configured to cause the apparatus to perform at least the thus mentioned function. Also, such function is to be construed to be equivalently implementable by specifically configured means for performing the respective function (i.e. the expression “processor configured to [cause the apparatus to] perform xxx-ing” is construed to be equivalent to an expression such as “means for xxx-ing”).
According to example embodiments, an apparatus representing the network node or entity 10 comprises at least one processor 131, at least one memory 132 including computer program code, and at least one interface 133 configured for communication with at least another apparatus. The processor (i.e. the at least one processor 131, with the at least one memory 132 and the computer program code) is configured to perform receiving, from a first machine learning model training data collection entity, first machine learning model training input data (thus the apparatus comprising corresponding means for receiving), to perform analyzing said first machine learning model training input data for malicious input detection (thus the apparatus comprising corresponding means for analyzing), to perform deducing, based on a result of said analyzing, whether said first machine learning model training data collection entity is suspected to be compromised (thus the apparatus comprising corresponding means for deducing), and to perform transmitting, if said first machine learning model training data collection entity is suspected to be compromised, information to a core network entity indicative of that said first machine learning model training data collection entity is suspected to be compromised (thus the apparatus comprising corresponding means for transmitting).
According to example embodiments, an apparatus representing the network node or entity 30 comprises at least one processor 131, at least one memory 132 including computer program code, and at least one interface 133 configured for communication with at least another apparatus. The processor (i.e. the at least one processor 131, with the at least one memory 132 and the computer program code) is configured to perform receiving, from a first radio access network entity, information indicative of that a first machine learning model training data collection entity is suspected to be compromised (thus the apparatus comprising corresponding means for receiving), to perform receiving information indicative of that said first machine learning model training data collection entity is handed over towards a second radio access network entity, and to perform transmitting, to said second radio access network entity, information indicative of that said first machine learning model training data collection entity is suspected to be compromised (thus the apparatus comprising corresponding means for transmitting).
According to example embodiments, an apparatus representing the network node or entity comprises at least one processor 131, at least one memory 132 including computer program code, and at least one interface 133 configured for communication with at least another apparatus. The processor (i.e. the at least one processor 131, with the at least one memory 132 and the computer program code) is configured to perform receiving, from a plurality of machine learning model training data collection entities, machine learning model training input data and/or machine learning model hyperparameter data (thus the apparatus comprising corresponding means for receiving), to perform transmitting, towards an analytics service provider entity, a subscription request for malicious input detection analysis results (thus the apparatus comprising corresponding means for transmitting), to perform receiving, from said analytics service provider entity, a subscription request for machine learning model training related information, and to perform transmitting, towards said analytics service provider entity, said machine learning model training related information.
According to example embodiments, an apparatus representing the network node or entity comprises at least one processor 131, at least one memory 132 including computer program code, and at least one interface 133 configured for communication with at least another apparatus. The processor (i.e. the at least one processor 131, with the at least one memory 132 and the computer program code) is configured to perform receiving, from a machine learning model training entity, a subscription request for malicious input detection analysis results (thus the apparatus comprising corresponding means for receiving), to perform transmitting, to said machine learning model training entity, a subscription request for machine learning model training related information (thus the apparatus comprising corresponding means for transmitting), and to perform receiving, from said machine learning model training entity, said machine learning model training related information.
For further details regarding the operability/functionality of the individual apparatuses, reference is made to the above description in connection with any one of
For the purpose of the present disclosure as described herein above, it should be noted that
In general, it is to be noted that respective functional blocks or elements according to above-described aspects can be implemented by any known means, either in hardware and/or software, respectively, if it is only adapted to perform the described functions of the respective parts. The mentioned method steps can be realized in individual functional blocks or by individual devices, or one or more of the method steps can be realized in a single functional block or by a single device.
Generally, any method step is suitable to be implemented as software or by hardware without changing the idea of the present disclosure. Devices and means can be implemented as individual devices, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device is preserved. Such and similar principles are to be considered as known to a skilled person.
Software in the sense of the present description comprises software code as such comprising code means or portions or a computer program or a computer program product for performing the respective functions, as well as software (or a computer program or a computer program product) embodied on a tangible medium such as a computer-readable (storage) medium having stored thereon a respective data structure or code means/portions or embodied in a signal or in a chip, potentially during processing thereof.
The present disclosure also covers any conceivable combination of method steps and operations described above, and any conceivable combination of nodes, apparatuses, modules or elements described above, as long as the above-described concepts of methodology and structural arrangement are applicable.
In view of the above, there are provided measures for improved robustness of artificial intelligence or machine learning capabilities against compromised input. Such measures exemplarily comprise receiving, from a first machine learning model training data collection entity, first machine learning model training input data, analyzing said first machine learning model training input data for malicious input detection, deducing, based on a result of said analyzing, whether said first machine learning model training data collection entity is suspected to be compromised, and transmitting, if said first machine learning model training data collection entity is suspected to be compromised, information to a core network entity indicative of that said first machine learning model training data collection entity is suspected to be compromised.
Even though the disclosure is described above with reference to the examples according to the accompanying drawings, it is to be understood that the disclosure is not restricted thereto. Rather, it is apparent to those skilled in the art that the present disclosure can be modified in many ways without departing from the scope of the inventive idea as disclosed herein.
Number | Date | Country | Kind |
---|---|---|---|
202241044885 | Aug 2022 | IN | national |