# Chapter 1: Introduction to AI Security - Hands-On Lab

Welcome to your first hands-on experience with AI security! This interactive lab complements the Chapter 1 lecture by giving you practical experience with real AI security concepts.

## 🎯 Lab Objectives (30-45 minutes)
By completing this lab, you will:
- **Experience AI as both a security tool and security target** through hands-on exercises
- **Implement basic AI security controls** including input validation and monitoring
- **Identify security vulnerabilities** in a real machine learning model
- **Apply the AI Security Framework** covered in the lecture slides
- **Understand why traditional security isn't enough** for AI systems

## 🚀 What You'll Build
1. **A fraud detection AI system** that demonstrates real-world security challenges
2. **Security wrapper** with input validation, rate limiting, and monitoring
3. **Security assessment dashboard** to track threats and model behavior
4. **Mini penetration test** against your own AI model

## 📋 Prerequisites
- Basic understanding of machine learning concepts
- Familiarity with Python programming
- Completion of Chapter 1 lecture slides

## ⚠️ Lab Safety Note
This lab uses synthetic data and simulated attacks in a safe environment. The techniques demonstrated here should only be used for educational purposes and authorized security testing.

Let's begin!

## 🔧 Lab Setup (2 minutes)

First, let's set up our environment with the required packages. All dependencies should already be installed from your requirements.txt file.

**Run the cell below to import libraries and verify your setup:**

In [None]:
# Import necessary libraries
import numpy as np
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns
import plotly.express as px
import plotly.graph_objects as go
from plotly.subplots import make_subplots

from sklearn.datasets import make_classification, load_digits
from sklearn.model_selection import train_test_split
from sklearn.ensemble import RandomForestClassifier
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import accuracy_score, classification_report, confusion_matrix
from sklearn.preprocessing import StandardScaler

import warnings
warnings.filterwarnings('ignore')

# Set random seeds for reproducibility
np.random.seed(42)

print("Environment setup complete!")

## 🎯 Activity 1: Building Our Target - AI Fraud Detection System (8 minutes)

Let's create a machine learning system that we'll use to demonstrate AI security concepts. This mirrors real-world scenarios where **AI systems become security targets**.

**Key Chapter 1 Concept**: AI systems face unique threats that traditional security can't address. We'll build a fraud detection model that represents a typical enterprise AI system.

**Your Task**: Create a synthetic fraud detection dataset and understand why this system needs specialized security measures.

In [None]:
# Create synthetic fraud detection dataset
def create_fraud_dataset(n_samples=10000, n_features=20, n_informative=10):
    """
    Create a synthetic fraud detection dataset
    """
    X, y = make_classification(
        n_samples=n_samples,
        n_features=n_features,
        n_informative=n_informative,
        n_redundant=5,
        n_clusters_per_class=2,
        class_sep=0.8,
        random_state=42
    )
    
    # Create feature names
    feature_names = [
        'transaction_amount', 'account_age', 'num_previous_transactions',
        'time_since_last_transaction', 'merchant_risk_score', 'location_risk_score',
        'device_risk_score', 'behavioral_score', 'network_risk_score',
        'payment_method_risk', 'transaction_velocity', 'amount_deviation',
        'time_of_day_risk', 'day_of_week_risk', 'seasonal_risk',
        'customer_tier', 'account_balance', 'credit_score',
        'geographic_risk', 'channel_risk'
    ]
    
    # Create DataFrame
    df = pd.DataFrame(X, columns=feature_names)
    df['is_fraud'] = y
    
    return df

# Generate the dataset
fraud_data = create_fraud_dataset()
print(f"Dataset created with {len(fraud_data)} samples")
print(f"Fraud rate: {fraud_data['is_fraud'].mean():.2%}")
print("\nDataset preview:")
print(fraud_data.head())

In [None]:
# Visualize the dataset to understand our AI system
print("📊 Analyzing our fraud detection dataset...")

# Basic statistics
print(f"Dataset size: {len(fraud_data):,} transactions")
print(f"Fraud rate: {fraud_data['is_fraud'].mean():.1%}")
print(f"Features: {fraud_data.shape[1]-1} risk indicators")

# Class distribution (sort by label so that index 0 = legitimate and 1 = fraud,
# regardless of which class happens to be slightly larger)
class_counts = fraud_data['is_fraud'].value_counts().sort_index()
print(f"\nClass Distribution:")
print(f"  Legitimate transactions: {class_counts[0]:,}")
print(f"  Fraudulent transactions: {class_counts[1]:,}")

# Create a simple visualization
fig, axes = plt.subplots(1, 2, figsize=(12, 4))

# Class distribution pie chart
axes[0].pie(class_counts.values, labels=['Legitimate', 'Fraud'], autopct='%1.1f%%', 
           colors=['lightblue', 'lightcoral'])
axes[0].set_title('Transaction Class Distribution')

# Feature correlation heatmap (first 8 features for readability)
corr_matrix = fraud_data.iloc[:, :8].corr()
sns.heatmap(corr_matrix, annot=False, cmap='RdBu_r', center=0, ax=axes[1])
axes[1].set_title('Feature Correlations (Sample)')

plt.tight_layout()
plt.show()

print("\n🔍 Key Observation: this synthetic dataset is balanced, which keeps the lab simple.")
print("Real fraud datasets are highly imbalanced (< 1% fraud): the rare class is harder to detect, which makes those systems even more vulnerable.")

## 🎯 Activity 2: Training Our AI System (5 minutes)

Now let's train our fraud detection model. We'll use this as our **target system** for security testing.

**Key Chapter 1 Concept**: Every AI model creates an expanded attack surface. Unlike traditional software, attackers can manipulate AI through data, inputs, and even model queries.

**Your Task**: Train a baseline model and identify why it needs security protection beyond traditional measures.

In [None]:
# Prepare the data
X = fraud_data.drop('is_fraud', axis=1)
y = fraud_data['is_fraud']

# Split the data
X_train, X_test, y_train, y_test = train_test_split(
    X, y, test_size=0.2, random_state=42, stratify=y
)

# Scale the features
scaler = StandardScaler()
X_train_scaled = scaler.fit_transform(X_train)
X_test_scaled = scaler.transform(X_test)

print(f"Training set size: {len(X_train)}")
print(f"Test set size: {len(X_test)}")
print(f"Number of features: {X_train.shape[1]}")

In [None]:
# Train our fraud detection model
print("🤖 Training fraud detection AI system...")

# Train a Random Forest model (commonly used in production) on the scaled features,
# so that the security wrapper built later can apply the same scaler before predicting
model = RandomForestClassifier(n_estimators=100, random_state=42)
model.fit(X_train_scaled, y_train)

# Evaluate the model on the scaled test set
y_pred = model.predict(X_test_scaled)
accuracy = accuracy_score(y_test, y_pred)

print(f"✅ Model trained successfully!")
print(f"📈 Accuracy: {accuracy:.1%}")
print(f"🎯 This model is now ready for deployment... but is it secure?")

# Show what makes this system vulnerable
print(f"\n⚠️  AI Security Concerns:")
print(f"   • {X.shape[1]} input features = {X.shape[1]} potential attack vectors")
print(f"   • Model processes {len(X_test):,} predictions in this test alone")
print(f"   • No input validation or monitoring currently implemented")
print(f"   • Traditional firewalls can't detect adversarial inputs!")

Note: if the output from the cell above is partially duplicated, it is a known bug in the VSCode Jupyter extension. It is fixed in the preview version.

## 🛡️ Activity 3: Implementing AI Security Controls (10 minutes)

Now comes the critical part - securing our AI system! This demonstrates the **AI Security Framework** from the lecture.

**Key Chapter 1 Concepts**:
- **Why Traditional Security Falls Short**: Firewalls can't detect adversarial inputs
- **AI-Specific Threats**: Model extraction, adversarial examples, data poisoning
- **Defense in Depth**: Multiple layers of AI security controls

**Your Task**: Build a security wrapper that implements the controls discussed in the lecture slides.

In [None]:
import time

class SecureAIModel:
    """
    A security wrapper implementing AI Security Framework controls from Chapter 1:
    input validation, rate limiting, monitoring and audit logging.
    """

    def __init__(self, model, scaler, feature_names, reference_data):
        self.model = model
        self.scaler = scaler
        self.feature_names = list(feature_names)

        # Security controls from Chapter 1 framework
        self.prediction_log = []
        self.access_log = []
        self.rate_limit_counter = {}          # user_id -> {minute_bucket: request_count}
        self.max_requests_per_minute = 100
        self.suspicious_activity_detected = []

        # Define normal input ranges from the training data (baseline security).
        # An input may exceed the observed range by one full range width on either
        # side before it is flagged. This works whether or not a feature straddles
        # zero (simply multiplying a positive minimum by 3 would flag normal inputs).
        reference = np.asarray(reference_data, dtype=float)
        min_values = reference.min(axis=0)
        max_values = reference.max(axis=0)
        value_range = max_values - min_values
        self.input_bounds = {
            'min_values': min_values - value_range,
            'max_values': max_values + value_range,
            'expected_shape': reference.shape[1]
        }
        print("🛡️ Security wrapper initialized with AI-specific controls!")

    def _check_rate_limit(self, user_id, access_time):
        """
        Fixed one-minute buckets per user (limits bulk querying used for model extraction)
        """
        current_minute = int(access_time // 60)
        previous = self.rate_limit_counter.get(user_id, {})
        # Keep only the current bucket so the counter does not grow without bound
        buckets = {current_minute: previous.get(current_minute, 0) + 1}
        self.rate_limit_counter[user_id] = buckets
        if buckets[current_minute] > self.max_requests_per_minute:
            raise ValueError(f"🚨 SECURITY ALERT: Rate limit exceeded for user {user_id}")

    def validate_input(self, X_input, user_id=None):
        """
        AI-specific input validation (addresses Chapter 1 threat: Adversarial Inputs).
        Returns the validated input as a 2-D numpy array.
        """
        access_time = time.time()

        # Log access for monitoring
        self.access_log.append({
            'user_id': user_id,
            'timestamp': access_time,
            'input_shape': getattr(X_input, 'shape', None)
        })

        # Rate limiting (prevents model extraction attacks)
        if user_id:
            self._check_rate_limit(user_id, access_time)

        # Convert a DataFrame or list to a numpy array and normalise to 2-D
        X_array = np.asarray(X_input, dtype=float)
        if X_array.ndim == 1:
            X_array = X_array.reshape(1, -1)

        # Shape validation (basic input sanitization)
        if X_array.ndim != 2 or X_array.shape[1] != self.input_bounds['expected_shape']:
            raise ValueError("🚨 SECURITY ALERT: Invalid input shape - potential attack detected!")

        # Adversarial input detection (simplified per-feature range check)
        too_low = X_array < self.input_bounds['min_values']
        too_high = X_array > self.input_bounds['max_values']
        for i in np.flatnonzero(np.any(too_low | too_high, axis=0)):
            warning = f"⚠️ Suspicious input in feature {self.feature_names[i]} - outside normal range"
            print(warning)
            self.suspicious_activity_detected.append(warning)

        return X_array

    def predict(self, X_input, user_id=None, confidence_threshold=0.7):
        """
        Secure prediction with monitoring and validation
        """
        # Step 1: Validate input (AI security control); rate-limit and shape violations raise here
        X_validated = self.validate_input(X_input, user_id)

        # Step 2: Apply the same scaling the model was trained with
        X_processed = self.scaler.transform(X_validated)

        # Step 3: Make prediction with confidence monitoring
        prediction = self.model.predict(X_processed)
        probabilities = self.model.predict_proba(X_processed)
        max_confidence = np.max(probabilities, axis=1)

        # Step 4: Log prediction for audit trail
        self.prediction_log.append({
            'timestamp': time.time(),
            'user_id': user_id,
            'prediction': prediction.tolist(),
            'max_confidence': max_confidence.tolist()
        })

        # Step 5: Confidence threshold check
        low_confidence_mask = max_confidence < confidence_threshold
        if np.any(low_confidence_mask):
            print(f"⚠️ Warning: {np.sum(low_confidence_mask)} low-confidence predictions detected")

        return prediction, probabilities

    def get_security_report(self, confidence_threshold=0.7):
        """
        Generate security dashboard (monitoring from Chapter 1 framework)
        """
        total_requests = len(self.access_log)
        unique_users = len({log['user_id'] for log in self.access_log if log['user_id']})

        report = {
            'total_requests': total_requests,
            'unique_users': unique_users,
            'suspicious_activities': len(self.suspicious_activity_detected),
            'total_predictions': len(self.prediction_log)
        }

        if self.prediction_log:
            # One confidence value per individual prediction, not per request
            confidences = [c for log in self.prediction_log for c in log['max_confidence']]
            report['avg_confidence'] = float(np.mean(confidences))
            report['low_confidence_predictions'] = sum(c < confidence_threshold for c in confidences)

        return report

# Create our secure AI system; the training features define the "normal" input ranges
secure_model = SecureAIModel(
    model=model,
    scaler=scaler,
    feature_names=X.columns.tolist(),
    reference_data=X_train
)

print("✅ Secure AI system deployed with Chapter 1 security controls!")
print("🔒 Implemented controls: Input validation, Rate limiting, Monitoring, Audit logging")

## 🧪 Activity 4: Testing Our AI Security (8 minutes)

Time for a mini penetration test! Let's simulate the **AI-specific attacks** discussed in Chapter 1.

**Key Chapter 1 Concepts Being Tested**:
- **Adversarial Examples**: Crafted inputs designed to fool AI
- **Model Extraction**: Attempts to steal model functionality
- **Infrastructure Attacks**: Overwhelming the system

**Your Task**: Act as an attacker and test your security controls!

In [None]:
# 🧪 Test 1: Normal Operation (Baseline)
print("🧪 TEST 1: Normal Prediction")
print("=" * 40)
normal_sample = X_test.iloc[:3]  # Use first 3 test samples
predictions, probabilities = secure_model.predict(normal_sample, user_id="legitimate_user")
print(f"✅ Predictions: {predictions}")

# Report the confidence (highest class probability) of each prediction
confidence_levels = np.max(probabilities, axis=1)
confidence_str = ", ".join([f"{conf:.3f}" for conf in confidence_levels])
print(f"📊 Confidence levels: [{confidence_str}]")
print("Result: Normal operation successful!\n")

# 🧪 Test 2: Adversarial Attack Simulation
print("🧪 TEST 2: Adversarial Input Attack")
print("=" * 40)
adversarial_sample = X_test.iloc[:1].copy()
# Simulate adversarial perturbation (extreme values)
adversarial_sample.iloc[0, 0] = 100  # Extreme value in first feature
print("Attempting adversarial attack with extreme input values...")
predictions, probabilities = secure_model.predict(adversarial_sample, user_id="attacker")
print("Result: Attack detected but prediction still made - need stronger controls!\n")

# 🧪 Test 3: Model Extraction Attack (Rate Limiting)
print("🧪 TEST 3: Model Extraction Attack (Rate Limiting)")
print("=" * 40)
print("Simulating rapid queries to extract model behavior...")
rate_limit_triggered = False
try:
    # Simulate 105 rapid requests (over our limit of 100 per minute)
    for i in range(105):
        secure_model.predict(X_test.iloc[:1], user_id="model_thief")
        if i % 20 == 0:
            print(f"   Query {i+1}/105...")
except ValueError as e:
    rate_limit_triggered = True
    print(f"🛡️ SECURITY CONTROL TRIGGERED: {e}")
if rate_limit_triggered:
    print("Result: Rate limiting successfully prevented model extraction!\n")
else:
    # The counter uses fixed one-minute buckets, so a burst that straddles a minute
    # boundary is split across two buckets and may never exceed the limit
    print("Result: Rate limit NOT triggered (the burst straddled a minute boundary) - re-run this cell.\n")

# 🧪 Test 4: Invalid Input Attack
print("🧪 TEST 4: Invalid Input Structure Attack")
print("=" * 40)
shape_check_triggered = False
try:
    invalid_sample = X_test.iloc[:1, :10]  # Wrong number of features
    print("Attempting attack with malformed input...")
    secure_model.predict(invalid_sample, user_id="structural_attacker")
except ValueError as e:
    shape_check_triggered = True
    print(f"🛡️ SECURITY CONTROL TRIGGERED: {e}")
if shape_check_triggered:
    print("Result: Input validation successfully blocked malformed attack!")
else:
    print("Result: Malformed input was NOT blocked - check the shape validation!")

In [None]:
# 📊 Security Dashboard - Monitor Our AI System
print("📊 AI SECURITY DASHBOARD")
print("=" * 50)

# Generate security report
report = secure_model.get_security_report()

# Display key metrics
print(f"🔍 Security Monitoring Results:")
print(f"   Total Requests Processed: {report['total_requests']}")
print(f"   Unique Users: {report['unique_users']}")
print(f"   Suspicious Activities Detected: {report['suspicious_activities']}")
print(f"   Total Predictions Made: {report['total_predictions']}")

if 'avg_confidence' in report:
    print(f"   Average Prediction Confidence: {report['avg_confidence']:.1%}")
    print(f"   Low Confidence Predictions: {report['low_confidence_predictions']}")

# Show detected threats
if secure_model.suspicious_activity_detected:
    print(f"\n⚠️ Threat Detection Log:")
    for i, threat in enumerate(secure_model.suspicious_activity_detected, 1):
        print(f"   {i}. {threat}")

# Security effectiveness analysis
print(f"\n🛡️ Security Control Effectiveness:")
total_attacks = 4  # From our 4 test scenarios
blocked_attacks = 2  # Rate limiting + Invalid input
effectiveness = (blocked_attacks / total_attacks) * 100
print(f"   Attack Prevention Rate: {effectiveness:.0f}%")
print(f"   Controls Triggered: {blocked_attacks}/{total_attacks} attack scenarios")

# Recommendations based on Chapter 1 framework
print(f"\n📋 Recommendations (from Chapter 1 Framework):")
print(f"   ✅ Implemented: Input validation, Rate limiting, Monitoring")
print(f"   🔄 Needs Improvement: Adversarial detection, Confidence thresholds")
print(f"   ➡️ Next Steps: Implement model encryption, Differential privacy")

print(f"\n🎯 Lab Complete! You've experienced AI security in action.")
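
The dashboard above lists adversarial detection and confidence thresholds as controls that need improvement: in Test 2 the wrapper flagged the extreme input but still returned a prediction. The cell below is an added example, not part of the lab's original notebook, showing what a fail-closed version of those two controls looks like. It learns robust per-feature bounds (median and MAD rather than min and max, so a few extreme training rows cannot widen the bounds) from reference data, rejects any request whose features fall outside them before the model ever sees it, and abstains on a low-confidence score so a reviewer makes the call. It is pure Python and uses constructed reference data; the three feature names are borrowed from the lab, while the z-limit of 6 and the 0.7 confidence threshold are illustrative choices.

```python
# Added example for this lab (not part of the original notebook): a fail-closed
# input policy. SecureAIModel prints a warning for an out-of-range feature but
# still returns a prediction; this policy learns robust per-feature bounds from
# reference data, REJECTS requests outside them and ABSTAINS on low-confidence
# scores. Pure Python, so it runs without sklearn. Thresholds are illustrative.
import random
from dataclasses import dataclass
from statistics import median
from typing import List, Optional, Sequence


@dataclass
class Decision:
    action: str            # "predict", "abstain" or "reject"
    reason: str
    label: Optional[int] = None


class FailClosedPolicy:
    """Robust z-score range check plus a confidence gate, both fail-closed."""

    # 0.6745 rescales the median absolute deviation to a normal standard deviation
    MAD_TO_STD = 0.6745

    def __init__(self, feature_names: Sequence[str], reference_rows: Sequence[Sequence[float]],
                 z_limit: float = 6.0, confidence_threshold: float = 0.7):
        self.feature_names = list(feature_names)
        self.z_limit = z_limit
        self.confidence_threshold = confidence_threshold
        self.medians: List[float] = []
        self.mads: List[float] = []
        for j in range(len(self.feature_names)):
            column = [row[j] for row in reference_rows]
            med = median(column)
            # Median/MAD are not dragged around by a few extreme training rows the
            # way min/max are; guard against a constant feature (MAD == 0)
            mad = median(abs(v - med) for v in column) or 1e-9
            self.medians.append(med)
            self.mads.append(mad)

    def robust_z(self, row: Sequence[float]) -> List[float]:
        return [self.MAD_TO_STD * (v - m) / d
                for v, m, d in zip(row, self.medians, self.mads)]

    def decide(self, row: Sequence[float], probabilities: Sequence[float]) -> Decision:
        # 1. Structural check: wrong width is rejected before anything else
        if len(row) != len(self.feature_names):
            return Decision("reject", f"expected {len(self.feature_names)} features, got {len(row)}")
        # 2. Distribution check: a feature far outside the reference range is rejected,
        #    not merely logged, so the model never scores the request
        outliers = [name for name, z in zip(self.feature_names, self.robust_z(row))
                    if abs(z) > self.z_limit]
        if outliers:
            return Decision("reject", "out-of-distribution features: " + ", ".join(outliers))
        # 3. Confidence gate: a weak score is routed to a human instead of being acted on
        label = max(range(len(probabilities)), key=probabilities.__getitem__)
        confidence = probabilities[label]
        if confidence < self.confidence_threshold:
            return Decision("abstain", f"confidence {confidence:.2f} below {self.confidence_threshold}", label)
        return Decision("predict", f"confidence {confidence:.2f}", label)


def build_demo_policy() -> FailClosedPolicy:
    # Constructed reference data: 500 standardised rows for three of the lab's feature names
    rng = random.Random(42)
    names = ["transaction_amount", "account_age", "merchant_risk_score"]
    rows = [[rng.gauss(0.0, 1.0) for _ in names] for _ in range(500)]
    return FailClosedPolicy(names, rows)


def demo() -> List[Decision]:
    """The four situations from Activity 4, decided by the fail-closed policy."""
    policy = build_demo_policy()
    return [
        policy.decide([0.2, -0.5, 1.1], [0.08, 0.92]),    # normal input, confident   -> predict
        policy.decide([100.0, -0.5, 1.1], [0.08, 0.92]),  # Test 2 style extreme value -> reject
        policy.decide([0.2, -0.5, 1.1], [0.55, 0.45]),    # in range but uncertain     -> abstain
        policy.decide([0.2, -0.5], [0.08, 0.92]),         # Test 4 style wrong width   -> reject
    ]


if __name__ == "__main__":
    for d in demo():
        print(f"{d.action:8s} label={d.label} ({d.reason})")
```

The probabilities passed to `decide` stand in for `model.predict_proba` output; in the lab you would wire the policy between `validate_input` and the model call, so that a `reject` or `abstain` is returned to the caller and logged instead of a prediction.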

## 🤔 Activity 5: Reflection and Next Steps (5 minutes)

Congratulations! You've just built and tested an AI security system. Let's connect this hands-on experience back to the Chapter 1 concepts.

**Run the cell below to take the Chapter 1 Quiz to test your understanding:**

In [None]:
# Open Chapter 1 Quiz in external browser
import webbrowser
import os

# Get the absolute path to the HTML file
quiz_path = os.path.join(os.getcwd(), 'chapter1_quiz.html')

# Check if file exists
if os.path.exists(quiz_path):
    print("🌐 Opening Chapter 1 Quiz in your default browser...")
    webbrowser.open('file://' + quiz_path)
    print("✅ Quiz opened! Check your browser.")
else:
    print("❌ Quiz file not found. Make sure 'chapter1_quiz.html' exists in the current folder.")

## 🎯 Lab Summary: What You Accomplished

### ✅ Hands-On Experience Gained

**1. Built a Real AI System**: Created a fraud detection model representing production AI systems

**2. Experienced AI as Security Target**: Saw how AI systems face unique threats that traditional security can't address

**3. Implemented AI Security Framework**: Applied Chapter 1 concepts including:
   - Input validation and sanitization
   - Rate limiting for model extraction prevention  
   - Monitoring and audit logging
   - Adversarial input detection

**4. Conducted Security Testing**: Performed mini penetration testing against your own AI system

**5. Analyzed Security Effectiveness**: Measured and reported on AI-specific security controls

### 🔑 Key Insights from This Lab

1. **Traditional Security is Insufficient**: Firewalls and antivirus cannot detect adversarial inputs
2. **AI Expands Attack Surface**: Every model feature creates potential attack vectors
3. **Defense in Depth Works**: Multiple security layers provide better protection
4. **Monitoring is Critical**: AI systems require continuous security monitoring
5. **Security Must Be Built-In**: Adding security after deployment is much harder

### 🚀 Ready for Chapter 2?

You now have practical experience with the AI security fundamentals covered in Chapter 1. In Chapter 2, we'll dive deeper into specific attack techniques and learn advanced defense mechanisms.

## 💭 Discussion Questions for Class

Based on your hands-on experience, discuss these questions with your classmates:

### 🏢 Real-World Application
1. **In Your Organization**: What AI systems does your organization use? How are they currently secured?

2. **Risk Assessment**: Based on this lab, what would you identify as the highest AI security risks for a financial services company?

3. **Implementation Challenges**: What obstacles might prevent organizations from implementing the security controls we demonstrated?

### 🔍 Technical Deep-Dive
4. **Attack Sophistication**: Our adversarial attack was simple (extreme values). How might real attackers create more sophisticated adversarial examples?

5. **Performance vs Security**: What trade-offs did you notice between security controls and system performance?

6. **Monitoring Scale**: How would our monitoring approach need to change for a system processing millions of transactions per day?
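
Questions 5 and 6 ask what happens to the controls at scale. The cell below is an added example, not part of the lab's original notebook, that puts the lab's fixed-minute rate limiter next to a sliding-window limiter whose memory stays proportional to the number of active users. Both are driven by an injectable clock so the comparison is deterministic: a burst of 200 queries that straddles a minute boundary passes the fixed-window counter in full, because each minute starts from zero, while the sliding window holds it to the configured 100. The limits, window sizes and user names are illustrative.

```python
# Added example for this lab (not part of the original notebook): two per-user
# rate limiters behind one interface. FixedWindowLimiter reproduces the
# minute-bucket logic of SecureAIModel; SlidingWindowLimiter keeps a bounded
# deque of recent timestamps per user and evicts idle users, the shape a
# limiter needs in front of millions of requests a day. The clock is injectable
# so the minute-boundary behaviour can be shown deterministically.
import time
from collections import deque
from typing import Callable, Deque, Dict, Tuple


class FixedWindowLimiter:
    """Counts requests per calendar minute; the count restarts at every minute boundary."""

    def __init__(self, limit: int, clock: Callable[[], float] = time.time):
        self.limit = limit
        self.clock = clock
        self.counts: Dict[Tuple[str, int], int] = {}

    def allow(self, user: str) -> bool:
        key = (user, int(self.clock() // 60))
        self.counts[key] = self.counts.get(key, 0) + 1
        return self.counts[key] <= self.limit


class SlidingWindowLimiter:
    """At most `limit` allowed requests per user in any trailing `window` seconds."""

    def __init__(self, limit: int, window: float = 60.0, max_tracked_users: int = 10_000,
                 clock: Callable[[], float] = time.time):
        self.limit = limit
        self.window = window
        self.max_tracked_users = max_tracked_users
        self.clock = clock
        self.history: Dict[str, Deque[float]] = {}

    def allow(self, user: str) -> bool:
        now = self.clock()
        cutoff = now - self.window
        recent = self.history.setdefault(user, deque())
        # Drop timestamps that have aged out of the window (amortised O(1) per request)
        while recent and recent[0] <= cutoff:
            recent.popleft()
        if len(recent) >= self.limit:
            return False            # denied requests are not recorded
        recent.append(now)
        # Memory stays proportional to active users: evict anyone idle for a full window
        if len(self.history) > self.max_tracked_users:
            idle = [u for u, q in self.history.items() if not q or q[-1] <= cutoff]
            for u in idle:
                del self.history[u]
        return True


class FakeClock:
    """Deterministic stand-in for time.time used by the demonstrations."""

    def __init__(self, t: float = 0.0):
        self.t = t

    def __call__(self) -> float:
        return self.t


def burst_demo(limit: int = 100) -> Dict[str, int]:
    """Same burst against both limiters: `limit` requests half a second before a
    minute boundary and `limit` more half a second after it."""
    clock = FakeClock()
    fixed = FixedWindowLimiter(limit, clock=clock)
    sliding = SlidingWindowLimiter(limit, clock=clock)
    allowed = {"fixed": 0, "sliding": 0}
    for t in (59.5, 60.5):
        clock.t = t
        for _ in range(limit):
            allowed["fixed"] += int(fixed.allow("model_thief"))
            allowed["sliding"] += int(sliding.allow("model_thief"))
    return allowed


def memory_demo() -> int:
    """Ten one-off users arriving 100 s apart with max_tracked_users=3: idle users
    are evicted, so the table never holds more than a handful of entries."""
    clock = FakeClock()
    limiter = SlidingWindowLimiter(limit=5, window=60.0, max_tracked_users=3, clock=clock)
    for i in range(10):
        clock.t = i * 100.0
        limiter.allow(f"user{i}")
    return len(limiter.history)


if __name__ == "__main__":
    print("allowed out of a 200-query burst:", burst_demo())   # fixed 200, sliding 100
    print("users still tracked after memory_demo:", memory_demo())
```

For a system processing millions of transactions a day the per-user deques would live in a shared store rather than in one process, but the two properties shown here carry over: the limit should hold over any trailing window, not a calendar bucket, and state for idle users must be dropped or the limiter itself becomes the resource an attacker exhausts.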

### 🚀 Future Considerations
7. **Emerging Threats**: What new AI security threats might emerge as AI technology advances?

8. **Regulatory Impact**: How might emerging AI regulations (like the EU AI Act) affect the security controls we implemented?

### 💡 Your Next Steps
Think about how you'll apply these concepts in your current role or future AI projects. What will you do differently now that you understand AI-specific security requirements?

## 🎓 Lab Complete - Your AI Security Journey Begins!

### 📚 Chapter 1 Learning Objectives - ✅ ACHIEVED!

- ✅ **Analyzed the critical need** for AI security through hands-on system building
- ✅ **Identified key components** of the AI threat landscape via practical attacks  
- ✅ **Distinguished between AI as tool vs target** by building and attacking an AI system
- ✅ **Evaluated AI security risks** through real testing scenarios
- ✅ **Applied fundamental best practices** by implementing security controls
- ✅ **Recognized common pitfalls** through failed and successful attack attempts

### 🛣️ Your Path Forward

**Next in This Course**:
- **Chapter 2**: Advanced threat analysis and sophisticated attack techniques
- **Chapter 3**: Building comprehensive AI defense systems  
- **Chapter 4**: Adversarial machine learning and countermeasures
- **Chapter 5**: AI forensics and incident investigation

**In Your Professional Development**:
- Start security-first thinking in any AI projects
- Advocate for AI security measures in your organization
- Join AI security communities and continue learning
- Consider AI security certifications and specialization

### 🔥 Keep the Momentum Going!

You've taken the first practical step into AI security. The techniques you learned today form the foundation for everything we'll cover in this course. 

**Remember**: AI security isn't just about protecting technology - it's about protecting the people and organizations that depend on AI systems.

---

**🚀 Ready for Chapter 2? Let's dive deeper into the AI threat landscape!**