AIJack: Let's Hijack AI! Security and Privacy Risk Simulator for Machine Learning

TL;DR

AIJack addresses the critical need to assess security and privacy risks in training and deploying ML models by providing a unified, extensible simulator. The framework supports evasion, poisoning, model inversion, and membership inference, along with privacy defenses such as differential privacy, k-anonymity, and homomorphic encryption, plus federated learning protocols including FedAVG, SplitNN, and FedMD. It combines a PyTorch-friendly API with a C++ backend and MPI support to enable scalable, realistic experiments across standard and federated ML. The open-source availability on GitHub aims to empower developers to rapidly test, compare countermeasures, and safely deploy ML systems in real-world settings.

Abstract

This paper introduces AIJack, an open-source library designed to assess security and privacy risks associated with the training and deployment of machine learning models. Amid the growing interest in big data and AI, advancements in machine learning research and business are accelerating. However, recent studies reveal potential threats, such as the theft of training data and the manipulation of models by malicious attackers. Therefore, a comprehensive understanding of machine learning's security and privacy vulnerabilities is crucial for the safe integration of machine learning into real-world products. AIJack aims to address this need by providing a library with various attack and defense methods through a unified API. The library is publicly available on GitHub (https://github.com/Koukyosyumei/AIJack).