
Machine learning creates new attack surfaces, requiring specialized defenses

WBOY
2023-05-13 11:04:05


Machine learning (ML) inputs and outputs are becoming increasingly common as businesses in nearly every industry integrate artificial intelligence (AI) technology into their hardware and software products, making those models more and more widely available to customers. This naturally attracts the attention of malicious actors.

HiddenLayer CEO Christopher Sestito talks about machine learning security considerations and related threats that enterprises should worry about.

Businesses are slowly realizing the avenues that machine learning can open up for them. But are they also paying close attention to cybersecurity?

Few businesses are focused on protecting their machine learning assets, and even fewer are allocating resources to machine learning security. There are many reasons for this, including competing budget priorities, scarcity of talent, and, until recently, a lack of security products that addressed this issue.

Over the past decade, we’ve seen every industry adopt AI/machine learning in unprecedented ways to address every use case with available data. The advantages are proven, but as we’ve seen with other new technologies, they quickly become a new attack surface for malicious actors.

As machine learning operations advance, data science teams are building a more mature AI ecosystem in terms of effectiveness, efficiency, reliability, and explainability, but security has yet to be prioritized. This is no longer a viable path for enterprises because the motivations for attacking machine learning systems are clear, attack tools are available and easy to use, and potential targets are growing at an unprecedented rate.

How do attackers leverage public machine learning inputs?

As machine learning models are integrated into more and more production systems, they are being demonstrated to customers in hardware and software products, web applications, mobile applications, and more. This trend, often referred to as "edge AI," brings incredible decision-making and predictive capabilities to all the technologies we use every day. It delivers machine learning to an increasing number of end users while exposing those same machine learning assets to threat actors.

Machine learning models that are not exposed online are also at risk. These models can be accessed through traditional cyber attack techniques, paving the way for adversarial machine learning opportunities. Once threat actors gain access, they can use several types of attacks. Inference attacks attempt to map or "invert" a model so that the attacker can exploit weaknesses in the model, tamper with the functionality of the overall product, or copy and steal the model itself.

There have been real-life examples of this being used against security vendors to bypass antivirus or other protection mechanisms. An attacker could also choose to poison the data used to train the model, misleading the system into learning incorrectly and tipping decision-making in the attacker's favor.
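The "copy and steal the model" case above is easy to underestimate when the only thing exposed is a prediction endpoint. The following is an added example, not code from the interview or from HiddenLayer: a hypothetical two-feature linear classifier is reachable only through a label-only API, and an attacker who controls the queries fits a surrogate that reproduces its decisions. The weights, the query budget and the feature range are all constructed for the demo.

```python
"""Added example, not taken from the interview or from HiddenLayer: model
extraction through a label-only prediction API.

The victim is a hypothetical two-feature linear classifier whose weights are
never exposed; the attacker only sees the label returned by victim_predict().
By choosing inputs, harvesting labels and fitting a surrogate, the attacker
ends up with a working copy of the model. All numbers are constructed.
"""
import random

# Victim side: the secret the deployment is meant to protect (constructed values).
VICTIM_W = (2.0, -1.5)
VICTIM_B = 0.25


def victim_predict(x):
    """Public API of the victim: returns only a 0/1 label, no score, no weights."""
    return 1 if VICTIM_W[0] * x[0] + VICTIM_W[1] * x[1] + VICTIM_B > 0 else 0


# Attacker side: everything below touches the victim through victim_predict() only.
def harvest_labels(n_queries, rng):
    """Query the API on inputs spread over the feature range and keep the labels."""
    queries = [(rng.uniform(-1, 1), rng.uniform(-1, 1)) for _ in range(n_queries)]
    return [(q, victim_predict(q)) for q in queries]


def train_surrogate(labeled, epochs=50, lr=0.1):
    """Perceptron fitted to the harvested labels: the attacker's copy of the model."""
    w = [0.0, 0.0]
    b = 0.0
    for _ in range(epochs):
        for x, y in labeled:
            pred = 1 if w[0] * x[0] + w[1] * x[1] + b > 0 else 0
            err = y - pred
            if err:
                w[0] += lr * err * x[0]
                w[1] += lr * err * x[1]
                b += lr * err
    return w, b


def surrogate_predict(model, x):
    w, b = model
    return 1 if w[0] * x[0] + w[1] * x[1] + b > 0 else 0


def agreement(model, n_test, seed):
    """How often the stolen copy makes the same decision as the victim on fresh inputs."""
    rng = random.Random(seed)
    pts = [(rng.uniform(-1, 1), rng.uniform(-1, 1)) for _ in range(n_test)]
    same = sum(surrogate_predict(model, p) == victim_predict(p) for p in pts)
    return same / n_test


def run_extraction(n_queries=400, seed=1):
    """Returns the surrogate and its agreement rate with the victim on unseen inputs."""
    labeled = harvest_labels(n_queries, random.Random(seed))
    model = train_surrogate(labeled)
    return model, agreement(model, 2000, seed + 1)


if __name__ == "__main__":
    model, rate = run_extraction()
    print("surrogate weights", model, "agreement with victim %.3f" % rate)
```

A few hundred queries are enough here because the victim is linear; real models need more, but the economics are the same, which is why query volume per client and the distribution of queried inputs are worth logging at the prediction endpoint.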

What threats to machine learning systems should enterprises be particularly worried about?

While all adversarial machine learning attack types need to be defended against, different enterprises will have different priorities. Financial institutions leveraging machine learning models to identify fraudulent transactions will be highly focused on defending against inference attacks.

If attackers understand the strengths and weaknesses of a fraud detection system, they can use it to alter their techniques to go undetected, bypassing the model entirely. Healthcare enterprises may be more sensitive to data poisoning. The medical field was an early adopter of predicting outcomes through machine learning using its massive historical data sets.

Data poisoning attacks can lead to misdiagnosis, altered drug trial results, misrepresented patient populations, etc. Security enterprises themselves are currently focusing on machine learning evasion attacks, which are actively used to deploy ransomware or backdoor networks.
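The fraud-detection case above, where an attacker who understands the model alters transactions until they pass, is shown concretely in the following added example; it is not code from the interview or from HiddenLayer. The detector is a hypothetical logistic model over three transaction features with constructed weights; the attacker is assumed to know those weights (for instance after extracting them) and to control the amount and the velocity but not the device fingerprint. The defender-side check at the end is likewise an assumption about what one would monitor.

```python
"""Added example, not from the interview or HiddenLayer: evading a fraud
detector whose weights the attacker knows, plus a simple check that
surfaces such tuning.

The detector is a hypothetical logistic model over three transaction
features. The attacker can shape the amount and the transaction velocity
but cannot change the device fingerprint. Weights and sample transaction
are constructed for the demo.
"""
import math

FEATURES = ("amount_z", "velocity", "new_device")
W = {"amount_z": 1.2, "velocity": 0.9, "new_device": 2.0}   # constructed weights
B = -2.5
THRESHOLD = 0.5   # flag when P(fraud) >= 0.5

# Constructed transaction: large amount, rapid succession, unknown device.
SAMPLE_TX = {"amount_z": 2.0, "velocity": 1.5, "new_device": 1}


def logit(tx):
    return B + sum(W[f] * tx[f] for f in FEATURES)


def fraud_score(tx):
    return 1.0 / (1.0 + math.exp(-logit(tx)))


def is_flagged(tx):
    return fraud_score(tx) >= THRESHOLD


def evade(tx, controllable, threshold=THRESHOLD, margin=0.02):
    """White-box evasion against a linear model.

    Pushes the logit just below the decision threshold by shrinking the
    controllable features in order of weight (largest weight first), which
    buys the most score reduction per unit of change. Features are floored
    at zero; uncontrollable features are left untouched.
    """
    tx = dict(tx)
    p = threshold - margin
    target = math.log(p / (1.0 - p))        # logit that maps to P(fraud) = p
    for f in sorted(controllable, key=lambda f: W[f], reverse=True):
        z = logit(tx)
        if z <= target:
            break
        needed = (z - target) / W[f]        # reduction in f that lands exactly on target
        tx[f] = max(0.0, tx[f] - needed)
    return tx


def near_miss_rate(scores, threshold=THRESHOLD, band=0.1):
    """Defender-side check: a population of scores that piles up just under the
    threshold is a sign that someone is tuning transactions against the model."""
    if not scores:
        return 0.0
    under = [s for s in scores if threshold - band <= s < threshold]
    return len(under) / len(scores)
```

With the constructed weights the attacker has to zero out the amount (structure it into smaller transactions) and slow the velocity, because the device fingerprint alone contributes its full weight. The transaction still reaches the model; it simply scores just under 0.5, which is why near_miss_rate over recent scores per account or merchant is a more useful signal than the flag rate alone.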

What are the key security considerations chief information security officers (CISOs) should keep in mind when deploying machine learning-driven systems?

The best advice that can be given to chief information security officers (CISOs) today is to embrace the patterns we have learned in emerging technologies. Like our advances in cloud infrastructure, machine learning deployments represent a new attack surface that requires specialized defenses. The barrier to entry for adversarial machine learning attacks is lowering every day using open source attack tools like Microsoft’s Counterfit or IBM’s Adversarial Robustness Toolbox.

Another major consideration is that many of these attacks are not obvious, and if you are not looking for them, you may not understand that they are happening. As security practitioners, we are used to ransomware, which is a clear indication that a business has been compromised and data has been locked or stolen. Adversarial machine learning attacks can be tailored to occur over longer periods of time, and some attacks, such as data poisoning, can be a slower but permanently damaging process.
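The slow-poisoning point above is worth making concrete, because the monitoring that catches it is different from the monitoring most teams already have. The following is an added example, not code from the interview or from HiddenLayer. The detector is a hypothetical one-feature nearest-centroid fraud rule that is retrained after every batch on all labels collected so far; the attacker is assumed to control a feedback channel that records a few high-value transactions as legitimate and adds one more such label per batch, so that no single retrain moves the threshold much. All amounts, batch sizes and alert levels are constructed for the demo.

```python
"""Added example, not from the interview or HiddenLayer: a slow data-poisoning
campaign against a retrained fraud threshold, and the monitoring that catches it.

The detector is a hypothetical 1-D nearest-centroid rule: a transaction is
flagged when its amount is above the midpoint between the legitimate and the
fraud centroid. It is retrained after every batch on all labels collected so
far. The attacker feeds back a growing number of mislabelled high-value
transactions so that each individual retrain looks unremarkable.
All amounts are constructed for the demo.
"""

CLEAN_LEGIT = [60, 70, 80, 90, 100, 100, 110, 120, 130, 140] * 2   # mean 100
CLEAN_FRAUD = [800, 1000]                                          # mean 900
POISON_AMOUNT = 600          # recorded as legitimate through the attacker's feedback
GOLDEN_SET = [(100, 0), (200, 0), (300, 0), (400, 0),              # (amount, is_fraud)
              (520, 1), (600, 1), (700, 1), (800, 1), (900, 1)]    # labelled before deployment


def train_threshold(samples):
    """Midpoint between the legitimate and the fraud centroid."""
    legit = [a for a, y in samples if y == 0]
    fraud = [a for a, y in samples if y == 1]
    return (sum(legit) / len(legit) + sum(fraud) / len(fraud)) / 2


def is_flagged(threshold, amount):
    return amount > threshold


def golden_agreement(threshold):
    """Fraction of a fixed, hand-labelled reference set the model still gets right."""
    hits = sum(is_flagged(threshold, a) == bool(y) for a, y in GOLDEN_SET)
    return hits / len(GOLDEN_SET)


def clean_batch():
    return [(a, 0) for a in CLEAN_LEGIT] + [(a, 1) for a in CLEAN_FRAUD]


def run_campaign(n_batches=10, step_alert=0.05, golden_alert=0.95):
    """Returns the threshold after each retrain and which of two monitors fired."""
    data = clean_batch()
    thresholds = [train_threshold(data)]        # baseline, trained on clean data only
    step_fired = golden_fired = False
    for n in range(1, n_batches + 1):
        data += clean_batch()
        data += [(POISON_AMOUNT, 0)] * n         # n poisoned labels in batch n
        t = train_threshold(data)
        # Naive monitor: compare only with the previous model version.
        if abs(t - thresholds[-1]) / thresholds[-1] > step_alert:
            step_fired = True
        # Baseline monitor: compare with a reference set fixed before deployment.
        if golden_agreement(t) < golden_alert:
            golden_fired = True
        thresholds.append(t)
    return thresholds, step_fired, golden_fired


if __name__ == "__main__":
    ts, step, golden = run_campaign()
    print("threshold drift %.0f -> %.0f" % (ts[0], ts[-1]))
    print("version-to-version alert fired:", step, " golden-set alert fired:", golden)
```

Over ten retrains the threshold creeps from 500 to 550 while no single step moves it more than about 1.2 percent, so a monitor that only diffs each model against its predecessor never fires. The monitor that scores every new version against a reference set labelled before the attack does fire, and it also shows what was lost: a 520 transaction that the clean model flagged now passes.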


Statement:
This article is reproduced from 51cto.com. If there is any infringement, please contact admin@php.cn for deletion.