Middleware Architecture for the Management and Mitigation of OWASP ML05: Model Theft in IoT Machine Learning Networks

Julio Yair Rivera; Ángel Pinto; Nelson A. Pérez García; Monica Karel Huerta; Cesar Viloria Nuñez; Marvin Luis Pérez Cabrera; Frank Ibarra Hernández; Juan Torres Tovio; Erwin J. Sacoto-Cabrera

doi:10.1109/TEMSCONGlobal64363.2025.11238259

Middleware Architecture for the Management and Mitigation of OWASP ML05: Model Theft in IoT Machine Learning Networks

Julio Yair Rivera
, Ángel Pinto
, Nelson A. Pérez García
, Monica Karel Huerta
, Cesar Viloria Nuñez
, Marvin Luis Pérez Cabrera
, Frank Ibarra Hernández
, Juan Torres Tovio
, Erwin J. Sacoto-Cabrera

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución de conferencia › revisión exhaustiva

Resumen

The increasing integration of machine learning (ML) models into Internet of Things (IoT) applications has led to notable advancements in automation and decision-making. However, these models are vulnerable to modern attack vectors recognized by the OWASP Top 10 for Large Language Model Applications, specifically ML05: Model Theft, where adversaries gain unauthorized access to model parameters and training data, compromising intellectual property and sensitive information. Such threats are particularly concerning in IoT environments due to their distributed nature and resource limitations. This paper proposes a middleware architecture for the management and mitigation of model theft risks by incorporating encryption, access control, obfuscation, watermarking, continuous monitoring, and service assurance programmability. By strengthening the security management framework of ML models deployed in IoT, the proposed architecture aims to protect against theft, ensure data confidentiality, and maintain network resilience. The approach includes detailed mathematical models and an evaluation of existing security measures, demonstrating the architecture's effectiveness in diverse IoT deployments, such as telemedicine and smart cities.

Idioma original	Inglés
Título de la publicación alojada	TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings
Editorial	Institute of Electrical and Electronics Engineers Inc.
ISBN (versión digital)	9798331542740
DOI	https://doi.org/10.1109/TEMSCONGlobal64363.2025.11238259
Estado	Publicada - 2025
Evento	2025 IEEE Technology and Engineering Management Society Conference - Global, TEMSCON Global 2025 - San Diego, Estados Unidos Duración: 4 ago. 2025 → 7 ago. 2025

Serie de la publicación

Nombre	TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings

Conferencia

Conferencia	2025 IEEE Technology and Engineering Management Society Conference - Global, TEMSCON Global 2025
País/Territorio	Estados Unidos
Ciudad	San Diego
Período	4/08/25 → 7/08/25

Nota bibliográfica

Publisher Copyright:
© 2025 IEEE.

ODS de las Naciones Unidas

Este resultado contribuye a los siguientes Objetivos de Desarrollo Sostenible

ODS 11: Ciudades y comunidades sostenibles

Acceder al documento

10.1109/TEMSCONGlobal64363.2025.11238259

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

Yair Rivera, J., Pinto, Á., Pérez García, N. A., Huerta, M. K., Viloria Nuñez, C., Pérez Cabrera, M. L., Ibarra Hernández, F., Torres Tovio, J., & Sacoto-Cabrera, E. J. (2025). Middleware Architecture for the Management and Mitigation of OWASP ML05: Model Theft in IoT Machine Learning Networks. En TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings (TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/TEMSCONGlobal64363.2025.11238259

Yair Rivera, Julio ; Pinto, Ángel ; Pérez García, Nelson A. et al. / Middleware Architecture for the Management and Mitigation of OWASP ML05 : Model Theft in IoT Machine Learning Networks. TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings. Institute of Electrical and Electronics Engineers Inc., 2025. (TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings).

@inproceedings{37dda876a27a4787a15e06dbc1084023,

title = "Middleware Architecture for the Management and Mitigation of OWASP ML05: Model Theft in IoT Machine Learning Networks",

abstract = "The increasing integration of machine learning (ML) models into Internet of Things (IoT) applications has led to notable advancements in automation and decision-making. However, these models are vulnerable to modern attack vectors recognized by the OWASP Top 10 for Large Language Model Applications, specifically ML05: Model Theft, where adversaries gain unauthorized access to model parameters and training data, compromising intellectual property and sensitive information. Such threats are particularly concerning in IoT environments due to their distributed nature and resource limitations. This paper proposes a middleware architecture for the management and mitigation of model theft risks by incorporating encryption, access control, obfuscation, watermarking, continuous monitoring, and service assurance programmability. By strengthening the security management framework of ML models deployed in IoT, the proposed architecture aims to protect against theft, ensure data confidentiality, and maintain network resilience. The approach includes detailed mathematical models and an evaluation of existing security measures, demonstrating the architecture's effectiveness in diverse IoT deployments, such as telemedicine and smart cities.",

keywords = "Cybersecurity, IoT, Middleware Architecture, Model Theft, OWASP ML05:2023",

author = "\{Yair Rivera\}, Julio and {\'A}ngel Pinto and \{P{\'e}rez Garc{\'i}a\}, \{Nelson A.\} and Huerta, \{Monica Karel\} and \{Viloria Nu{\~n}ez\}, Cesar and \{P{\'e}rez Cabrera\}, \{Marvin Luis\} and \{Ibarra Hern{\'a}ndez\}, Frank and \{Torres Tovio\}, Juan and Sacoto-Cabrera, \{Erwin J.\}",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 2025 IEEE Technology and Engineering Management Society Conference - Global, TEMSCON Global 2025 ; Conference date: 04-08-2025 Through 07-08-2025",

year = "2025",

doi = "10.1109/TEMSCONGlobal64363.2025.11238259",

language = "English",

series = "TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings",

address = "United States",

}

Yair Rivera, J, Pinto, Á, Pérez García, NA, Huerta, MK, Viloria Nuñez, C, Pérez Cabrera, ML, Ibarra Hernández, F, Torres Tovio, J & Sacoto-Cabrera, EJ 2025, Middleware Architecture for the Management and Mitigation of OWASP ML05: Model Theft in IoT Machine Learning Networks. En TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings. TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings, Institute of Electrical and Electronics Engineers Inc., 2025 IEEE Technology and Engineering Management Society Conference - Global, TEMSCON Global 2025, San Diego, Estados Unidos, 4/08/25. https://doi.org/10.1109/TEMSCONGlobal64363.2025.11238259

Middleware Architecture for the Management and Mitigation of OWASP ML05: Model Theft in IoT Machine Learning Networks. / Yair Rivera, Julio; Pinto, Ángel; Pérez García, Nelson A. et al.
TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings. Institute of Electrical and Electronics Engineers Inc., 2025. (TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings).

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución de conferencia › revisión exhaustiva

TY - GEN

T1 - Middleware Architecture for the Management and Mitigation of OWASP ML05

T2 - 2025 IEEE Technology and Engineering Management Society Conference - Global, TEMSCON Global 2025

AU - Yair Rivera, Julio

AU - Pinto, Ángel

AU - Pérez García, Nelson A.

AU - Huerta, Monica Karel

AU - Viloria Nuñez, Cesar

AU - Pérez Cabrera, Marvin Luis

AU - Ibarra Hernández, Frank

AU - Torres Tovio, Juan

AU - Sacoto-Cabrera, Erwin J.

PY - 2025

Y1 - 2025

N2 - The increasing integration of machine learning (ML) models into Internet of Things (IoT) applications has led to notable advancements in automation and decision-making. However, these models are vulnerable to modern attack vectors recognized by the OWASP Top 10 for Large Language Model Applications, specifically ML05: Model Theft, where adversaries gain unauthorized access to model parameters and training data, compromising intellectual property and sensitive information. Such threats are particularly concerning in IoT environments due to their distributed nature and resource limitations. This paper proposes a middleware architecture for the management and mitigation of model theft risks by incorporating encryption, access control, obfuscation, watermarking, continuous monitoring, and service assurance programmability. By strengthening the security management framework of ML models deployed in IoT, the proposed architecture aims to protect against theft, ensure data confidentiality, and maintain network resilience. The approach includes detailed mathematical models and an evaluation of existing security measures, demonstrating the architecture's effectiveness in diverse IoT deployments, such as telemedicine and smart cities.

AB - The increasing integration of machine learning (ML) models into Internet of Things (IoT) applications has led to notable advancements in automation and decision-making. However, these models are vulnerable to modern attack vectors recognized by the OWASP Top 10 for Large Language Model Applications, specifically ML05: Model Theft, where adversaries gain unauthorized access to model parameters and training data, compromising intellectual property and sensitive information. Such threats are particularly concerning in IoT environments due to their distributed nature and resource limitations. This paper proposes a middleware architecture for the management and mitigation of model theft risks by incorporating encryption, access control, obfuscation, watermarking, continuous monitoring, and service assurance programmability. By strengthening the security management framework of ML models deployed in IoT, the proposed architecture aims to protect against theft, ensure data confidentiality, and maintain network resilience. The approach includes detailed mathematical models and an evaluation of existing security measures, demonstrating the architecture's effectiveness in diverse IoT deployments, such as telemedicine and smart cities.

KW - Cybersecurity

KW - IoT

KW - Middleware Architecture

KW - Model Theft

KW - OWASP ML05:2023

UR - https://www.scopus.com/pages/publications/105031438328

U2 - 10.1109/TEMSCONGlobal64363.2025.11238259

DO - 10.1109/TEMSCONGlobal64363.2025.11238259

M3 - Conference contribution

AN - SCOPUS:105031438328

T3 - TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings

BT - TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 4 August 2025 through 7 August 2025

ER -

Yair Rivera J, Pinto Á, Pérez García NA, Huerta MK, Viloria Nuñez C, Pérez Cabrera ML et al. Middleware Architecture for the Management and Mitigation of OWASP ML05: Model Theft in IoT Machine Learning Networks. En TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings. Institute of Electrical and Electronics Engineers Inc. 2025. (TEMSCON Global 2025 - 2025 IEEE Technology and Engineering Management Society Conference - Global, Conference Proceedings). doi: 10.1109/TEMSCONGlobal64363.2025.11238259