AI Psychiatry: Forensic Investigation of Deep Learning Networks in Memory Images
David Oygenblik, Carter Yagemann, Joseph Zhang, Arianna Mastali, Jeman Park, Brendan Saltaformaggio
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
In an increasingly AI-driven world, the integrity and security of deep learning (DL) models are paramount, especially in safety-critical applications like autonomous vehicles. This talk, "AI Psychiatry: Forensic Investigation of Deep Learning Networks in Memory Images," presented by David Oygenblik and his collaborators at USENIX Security '24, introduces a novel memory forensics framework called **AI Psychiatry (APE)**. APE is designed to close a critical gap in current incident response capabilities for AI systems: the lack of a way to forensically examine compromised or misbehaving DL models directly from system memory. That gap matters most when the models are proprietary, encrypted, or subject to runtime modifications through online learning.
AI review
This research introduces APE, a novel memory forensics framework for deep learning models, directly addressing a critical gap in AI incident response for proprietary, encrypted, or dynamically updated systems. It enables the accurate recovery and rehosting of model structure and weights from memory images, providing an indispensable tool for post-incident analysis and independent security auditing. This is a foundational defensive innovation for securing AI systems in production.