-3

My question is simple: What steps should you take to protect research from the vast amount of spyware or insecure applications on a given device?

Background:

I do research into developing new models for machine learning applications. Security of this research is of high importance. This is because developing a new model can be a difficult, time consuming task. However once a new model is understood, all of the coding necessary to leverage the research is often trivial. So it can be stolen very easily.

It seems very possible that data mining could be used to identify researchers. After which spyware (which may well already be on a device) can be used to steal research.

My Solution so far:

I've been doing all of my testing on a newly wiped system that is entirely not connected nor ever connected to the internet (network card removed)

Other than that, I have encrypted all of the source as well as the entire hard drive separately using 7zip.

I'm not sure if this is enough.

poodledot
  • 1
  • 1
  • What/who is your threat? "Trendy" isn't descriptive enough. "Trendy" could mean "facebook for cats" or "enriched uranium while-u-wait". Each is going to have a vastly different threat profile. – whatsisname Nov 13 '19 at 21:37
  • I'm researching new models for machine learning applications – poodledot Nov 13 '19 at 21:40
  • @whatsisname The tricky thing is that as soon as the principles of the model and how it is different is understood, all of the coding is trivial. It's very easy to steal. – poodledot Nov 13 '19 at 21:43
  • 3
    Possible duplicate of [How to manage a Closed Source High-Risk Project?](https://softwareengineering.stackexchange.com/questions/10736/how-to-manage-a-closed-source-high-risk-project) – gnat Nov 13 '19 at 21:47
  • @gnat I'm not talking about protecting from other employees, I'm talking about protecting from spyware. – poodledot Nov 13 '19 at 21:55
  • @gnat question edited – poodledot Nov 13 '19 at 22:09
  • Spyware is mostly about gathering personal information so they can advertise more to you. Stealing data from a machine that's not even connected to the internet is the sort of thing you'd be worried about for highly classified military data. – Simon B Nov 14 '19 at 08:15
  • You're just paranoid (sorry to put it that bluntly.) Keep your machine malware-free with a reasonable amount of effort (i.e. use Windows defender or a non-Windows OS). Unless it's known to a possible adversary that you are working on intellectual property that could bring immense wealth when stolen you're just not a target of spearphishing. – Hans-Martin Mosner Nov 14 '19 at 09:25

1 Answers1

0

You are doing more than is prudent.

Machine learning models are cool and nifty, but without data to actually train them they're of little use to most people (read: 99.999999% of humanity). And without data to train them, it's really hard to tell if this research model is meaningfully better than things that are readily available - super hard if you don't have any expertise in the area.

The odds of you coming up with a hugely more effective model than state of the art is not very high (no offense, science in general tends to be more incremental than most people realize). The odds of someone targeting you specifically are fairly low, and using spyware as the attack vector is also not great. Combine that all, and this situation seems vanishingly small.

If your research was so valuable, I'd be more worried about some corporation showing up at your door with a car full of money and promises of glory. And honestly, if you're really worried about security, MegaCorps are really good at that too.

Telastyn
  • 108,850
  • 29
  • 239
  • 365
  • By "new models for applications" I meant literally that the model is for the application of ML to a given domain. I don't work on machine learning directly. I'm researching data extraction, interfaces, and ways that ML and users can interact in a more assisted manner. But the magic is in the model. With that, anyone could easily copy anything I come up with. – poodledot Nov 13 '19 at 23:04
  • @poodledot - meh, applying ML to a new domain isn't exactly a novel concept. All of the common discussions about how to protect intellectual property applies here (spoiler: with lawyers). – Telastyn Nov 14 '19 at 00:07