Elements in Securing AI - Part 1 Attacks and Mitigations of AI Components

Introduction

The first part in the series about elements in securing AI will give an overview of the attacks and mitigations involving AI components, which is also known as AI self-security. This is made up of securing AI components from attacks and mitigating AI component vulnerabilities.

Types of Attacks against AI Components

  1. Attacks that target the underlying hardware, software and networks that form part of the AI system. These are essentially your traditional types of cyberattacks that make use of malware, unpatched vulnerabilities and zero-day exploits to cause damage. 
  2. Adversarial attacks are where data has been tweaked to trick a neural network and fool systems into seeing something that isn't there, ignoring what is, or misclassifying objects entirely. There are other attacks which work in a similar way. A training time attack, for example, occurs when the machine-learning model is being built, with malicious data being used to train the system, for example In a face detection algorithm, the attacker could poison the model such that it recognises the attacker’s face as an authorised person. An inference time attack, on the other hand, is showing specially crafted inputs to the model using a range of algorithms — the Fast Gradient Sign Method or the Carlini and Wagner attack are two popular methods — that subtly alter images to confuse neural networks.
  3. Sybil attacks designed to poison the AI systems that people use every day, such as recommendation systems, are a common occurrence. Sybil attacks involve a single entity creating and controlling multiple fake accounts in order to manipulate the data that AI uses to make decisions. A popular example of this attack is manipulating search engine rankings or recommendation systems to promote or demote certain pieces of content. However, these attacks can also be used to socially engineer individuals in targeted attack scenarios. 

 Types of Mitigations for AI Components

  1. To protect the underlying hardware, software and networks that make up the AI systems will rely on traditional cybersecurity measures and ideally secure by default/design to prevent against successful cyberattacks. 
  2. Defences that detect adversarial examples and defences that eliminate the existence of adversarial examples will be the main way to prevent or minimise successfully adversarial attacks.  For example when training neural networks to spot adversarial images by including them in the training data. This ensures, the network 'learns' to be somewhat robust to adversarial examples. But this relies on generating your own adversarial examples which may have limited effectiveness and then waiting for attackers adversarial data to appear which can be identified and then eliminated before any damage is done. 
  3. Trusted Certification is a partial solution to defeating Sybil attacks. It involves the presence of a trusted certifying authority (CA) that validates the one is to one correspondence between an entity on the network and its associated identity. This centralised CA thus eliminates the problem of establishing a trust relationship between two communicating nodes. Although this approach intuitively seems like the ideal method to tackle these attacks, there are a number of implementation issues specifically about how the CA shall establish the entity-identity mapping. In real-world applications, this may incur an appreciable performance cost particularly if performed manually on large scale systems.

 Conclusion

Hopefully, this post has provided some useful introductory information to attacks and mitigations of AI components that will be needed to provide elements in securing AI.

Comments

Post a Comment

Popular posts

Balancing functionality, usability and security in design

Image
Introduction When designing new devices or applications there is a requirement nowadays to consider there functionality, usability and security. While there has been a push through secure-by-design guidelines for security to be built-in from the beginning there are still gaps in implementation and part of these gaps are design considerations of functionality and usability. Part of this that doing security well is hard work, but it should never block useful functionality for the user. Ideally, when security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. Though achieving this balance is admittedly not straightforward. This blog post will aim to look at this triad and how they can be balanced and not compromise each other. Defining the Triad in design A triangle can be used to help explain the relationship between the concepts of security, functionality and ea
Read more

Personal Interest - Unbuilt fleets of the Royal Navy

Image
Introduction Throughout the 20th Century the Royal Navy designed and examined different types of fleets that were never realised either due to budget constraints, arms treaties or the changing nature of war. These are only a few examples of the different types of unbuilt fleets. Some of these had prototypes built and tasted for the Royal Navy which would serve as technological testbeds. Images and info from secret projects forum, shipbucket, popular mechanics/science and naval-matters. Washington Naval Treaty (WNT) The  Washington Naval Treaty  was a treaty signed during 1922 among the major nations that had won  World War I , which agreed to prevent an  arms race  by limiting naval construction. It was negotiated at the  Washington Naval Conference , held in  Washington, D.C. , from November 1921 to February 1922, and it was signed by the governments of the United Kingdom, the United States, France, Italy, and Japan. It limited the construction of  battleships ,  battlecruisers
Read more

Personal Interest - RAF Unbuilt Projects

Image
  Introduction This blog post looks at the different groups of cancelled RAF projects. It will focus on the 50s, 60s, 90s/00s and a brief look at hypersonic research projects. While these projects were often cut or cancelled for budget or austerity reasons, they were also pushed by the changing nature of warfare firstly from conventional style WW2 warfare to the predicated quick, short scale nuclear war which was expected from 1947 to 1989. Later from the 90s and into the 21st Century a change from state on state conflict to facing insurgencies, counter-terrorism and peacekeeping missions again led to a change in how wars are fought. Though the work and research done on these projects would rarely go to waste with it being used and applied in other projects and works even if sometimes it could take another ten or twenty years before anything operational came of that work. There won't be large amounts of text explaining or exploring the designs there are far better sources for th
Read more