Yifan Jia,Jingyi Wang,Christopher M. Poskitt,Sudipta Chattopadhyay,Jun Sun,Yuqi Chen

DOI: https://doi.org/10.1016/j.ijcip.2021.100452

IF: 3.683

2021-01-01

International Journal of Critical Infrastructure Protection

Abstract:The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers (or invariant checkers). In this work, we present an adversarial attack that simultaneously evades the anomaly detectors and rule checkers of a CPS. Inspired by existing gradient-based approaches, our adversarial attack crafts noise over the sensor and actuator values, then uses a genetic algorithm to optimise the latter, ensuring that the neural network and the rule checking system are both deceived. We implemented our approach for two real-world critical infrastructure testbeds, successfully reducing the classification accuracy of their detectors by over 50% on average, while simultaneously avoiding detection by rule checkers. Finally, we explore whether these attacks can be mitigated by training the detectors on adversarial samples.

Jia Yifan,Poskitt Christopher M.,Zhang Peixin,Wang Jingyi,Sun Jun,Chattopadhyay Sudipta

DOI: https://doi.org/10.1109/lra.2023.3327934

2023-01-01

Abstract:AI-enabled collaborative robots are designed to be used in close collaboration with humans, thus requiring stringent safety standards and quick response times. Adversarial attacks pose a significant threat to the deep learning models of these systems, making it crucial to develop methods to improve the models' robustness against them. Adversarial training is one approach to improve their robustness: it works by augmenting the training data with adversarial examples. This, unfortunately, comes with the cost of increased computational overhead and extended training times. In this work, we balance the need for additional adversarial data with the goal of minimizing the training costs by selecting the most ‘valuable’ data for adversarial training. In particular, we propose a robustness-oriented boundary data selection method, RAST-AT, which stands for robust and fast adversarial training. RAST-AT selects training data near to the boundary by considering adversarial perturbations. Our method improves the speed of model training on CIFAR-10 by 68.67%, and compared to other data selection methods, has 10% higher accuracy with 10% training data selected, and 7% higher robustness with 4% training data selected. Our method also significantly improves efficiency by at least 25% in adversarial training, with the same performance. Finally, we evaluate our method on a cobot system, generating adversarial patches as attacks, and adopting RAST-AT as the defense. We find that RAST-AT can defend against 60% of untargeted attacks and 20% of targeted attacks. Our work highlights the benefits of developing effective defenses against adversarial attacks to ensure the security and reliability of AI-powered safety-critical systems.

Bader Al-Sada,Alireza Sadighian,Gabriele Oligeri

2023-08-27

Abstract:MITRE ATT&CK is a comprehensive framework of adversary tactics, techniques and procedures based on real-world observations. It has been used as a foundation for threat modelling in different sectors, such as government, academia and industry. To the best of our knowledge, no previous work has been devoted to the comprehensive collection, study and investigation of the current state of the art leveraging the MITRE ATT&CK framework. We select and inspect more than fifty major research contributions, while conducting a detailed analysis of their methodology and objectives in relation to the MITRE ATT&CK framework. We provide a categorization of the identified papers according to different criteria such as use cases, application scenarios, adopted methodologies and the use of additional data. Finally, we discuss open issues and future research directions involving not only the MITRE ATT&CK framework but also the fields of risk analysis and cyber-threat intelligence at large.

Cryptography and Security

Ayodeji Oseni,Nour Moustafa,Helge Janicke,Peng Liu,Zahir Tari,Athanasios Vasilakos

DOI: https://doi.org/10.48550/arXiv.2102.04661

2021-02-09

Cryptography and Security

Abstract:The increased adoption of Artificial Intelligence (AI) presents an opportunity to solve many socio-economic and environmental challenges; however, this cannot happen without securing AI-enabled technologies. In recent years, most AI models are vulnerable to advanced and sophisticated hacking techniques. This challenge has motivated concerted research efforts into adversarial AI, with the aim of developing robust machine and deep learning models that are resilient to different types of adversarial scenarios. In this paper, we present a holistic cyber security review that demonstrates adversarial attacks against AI applications, including aspects such as adversarial knowledge and capabilities, as well as existing methods for generating adversarial examples and existing cyber defence models. We explain mathematical AI models, especially new variants of reinforcement and federated learning, to demonstrate how attack vectors would exploit vulnerabilities of AI models. We also propose a systematic framework for demonstrating attack techniques against AI applications and reviewed several cyber defences that would protect AI applications against those attacks. We also highlight the importance of understanding the adversarial goals and their capabilities, especially the recent attacks against industry applications, to develop adaptive defences that assess to secure AI applications. Finally, we describe the main challenges and future research directions in the domain of security and privacy of AI technologies.

Vimal Kumar,Juliette Mayo,Khadija Bahiss

2024-01-16

Abstract:Machine learning (ML) and artificial intelligence (AI) techniques have now become commonplace in software products and services. When threat modelling a system, it is therefore important that we consider threats unique to ML and AI techniques, in addition to threats to our software. In this paper, we present a threat model that can be used to systematically uncover threats to AI based software. The threat model consists of two main parts, a model of the software development process for AI based software and an attack taxonomy that has been developed using attacks found in adversarial AI research. We apply the threat model to two real life AI based software and discuss the process and the threats found.

Cryptography and Security

Md Rayhanur Rahman,Laurie Williams

DOI: https://doi.org/10.48550/arXiv.2211.06495

2022-11-12

Abstract:Cyberattacks use adversarial techniques to bypass system defenses, persist, and eventually breach systems. The MITRE ATT\&CK framework catalogs a set of adversarial techniques and maps between adversaries and their used techniques and tactics. Understanding how adversaries deploy techniques in conjunction is pivotal for learning adversary behavior, hunting potential threats, and formulating a proactive defense. The goal of this research is to aid cybersecurity practitioners and researchers in choosing detection and mitigation strategies through co-occurrence analysis of adversarial techniques reported in MITRE ATT&CK. We collect the adversarial techniques of 115 cybercrime groups and 484 malware from the MITRE ATT\&CK. We apply association rule mining and network analysis to investigate how adversarial techniques co-occur. We identify that adversaries pair T1059: Command and scripting interface and T1105: Ingress tool transfer techniques with a relatively large number of ATT\&CK techniques. We also identify adversaries using the T1082: System Information Discovery technique to determine their next course of action. We observe adversaries deploy the highest number of techniques from the TA0005: Defense evasion and TA0007: Discovery tactics. Based on our findings on co-occurrence, we identify six detection, six mitigation strategies, and twelve adversary behaviors. We urge defenders to prioritize primarily the detection of TA0007: Discovery and mitigation of TA0005: Defense evasion techniques. Overall, this study approximates how adversaries leverage techniques based on publicly reported documents. We advocate organizations investigate adversarial techniques in their environment and make the findings available for a more precise and actionable understanding.

Cryptography and Security

Elisa Bertino,Murat Kantarcioglu,Cuneyt Gurcan Akcora,Sagar Samtani,Sudip Mittal,Maanak Gupta

DOI: https://doi.org/10.1145/3422337.3450357

2021-04-26

Abstract:On one side, the security industry has successfully adopted some AI-based techniques. Use varies from mitigating denial of service attacks, forensics, intrusion detection systems, homeland security, critical infrastructures protection, sensitive information leakage, access control, and malware detection. On the other side, we see the rise of Adversarial AI. Here the core idea is to subvert AI systems for fun and profit. The methods utilized for the production of AI systems are systematically vulnerable to a new class of vulnerabilities. Adversaries are exploiting these vulnerabilities to alter AI system behavior to serve a malicious end goal. This panel discusses some of these aspects.

Onuh Matthew Ijiga,Idoko Peter Idoko,Godslove Isenyo Ebiega,Frederick Itunu Olajide,Timilehin Isaiah Olatunde,Chukwunonso Ukaegbu

DOI: https://doi.org/10.53022/oarjst.2024.11.1.0060

2024-05-30

Open Access Research Journal of Science and Technology

Abstract:The abstract is "The rapid evolution of cyber threats necessitates innovative defenses, particularly in the domains of risk assessment and fraud detection. This paper explores the integration of Artificial Intelligence (AI) and Adversarial Machine Learning (ML) techniques as a formidable strategy against increasingly sophisticated cyber-attacks. We present a comprehensive framework that leverages AI to dynamically assess cybersecurity risks and detect fraudulent activities with unprecedented accuracy and speed. Firstly, we delve into the foundational principles of adversarial machine learning, outlining how these techniques can be employed to simulate potential cyber threats, thereby enabling the development of more resilient AI-driven cybersecurity systems. We highlight the dual role of adversarial ML in both enhancing security defenses and potentially serving as a vector for sophisticated attacks, underscoring the importance of developing robust, adversarial-resistant models. Subsequently, we introduce a novel adaptive risk assessment methodology that incorporates real-time data analysis, machine learning algorithms, and predictive modeling to accurately identify and prioritize threats. This method adapts to the evolving digital landscape, ensuring that cybersecurity measures are always one step ahead of potential attackers. In the context of fraud detection, we explore -how AI algorithms can sift through vast datasets to detect anomalies and patterns indicative of fraudulent behavior. Through case studies and empirical analysis, we demonstrate the effectiveness of AI in identifying fraud across various sectors, from financial transactions to online identity verification processes. Our research contributes to the cybersecurity field by providing a detailed examination of how AI and adversarial ML can be harnessed to fortify digital defenses, improve risk assessment techniques, and enhance fraud detection capabilities. The insights garnered from this study not only advance theoretical understanding but also offer practical guidance for organizations seeking to implement AI-driven security solutions. As cyber threats continue to evolve, the integration of AI and adversarial ML in cybersecurity strategies will be paramount in safeguarding digital assets and maintaining the integrity of online systems."

Mathew J. Walter,Aaron Barrett,Kimberly Tam

2023-12-08

Abstract:Artificial intelligence (AI) is being ubiquitously adopted to automate processes in science and industry. However, due to its often intricate and opaque nature, AI has been shown to possess inherent vulnerabilities which can be maliciously exploited with adversarial AI, potentially putting AI users and developers at both cyber and physical risk. In addition, there is insufficient comprehension of the real-world effects of adversarial AI and an inadequacy of AI security examinations; therefore, the growing threat landscape is unknown for many AI solutions. To mitigate this issue, we propose one of the first red team frameworks for evaluating the AI security of maritime autonomous systems. The framework provides operators with a proactive (secure by design) and reactive (post-deployment evaluation) response to securing AI technology today and in the future. This framework is a multi-part checklist, which can be tailored to different systems and requirements. We demonstrate this framework to be highly effective for a red team to use to uncover numerous vulnerabilities within a real-world maritime autonomous systems AI, ranging from poisoning to adversarial patch attacks. The lessons learned from systematic AI red teaming can help prevent MAS-related catastrophic events in a world with increasing uptake and reliance on mission-critical AI.

Cryptography and Security,Artificial Intelligence

Divine S. Afenu,Mohammed Asiri,Neetesh Saxena

DOI: https://doi.org/10.3390/electronics13050917

IF: 2.9

2024-02-29

Electronics

Abstract:Industrial Control Systems (ICSs) have become the cornerstone of critical sectors like energy, transportation, and manufacturing. However, the burgeoning interconnectivity of ICSs has also introduced heightened risks from cyber threats. The urgency for robust ICS security validation has never been more pronounced. This paper provides an in-depth exploration of using the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to validate ICS security. Although originally conceived for enterprise Information Technology (IT), the MITRE ATT&CK framework's adaptability makes it uniquely suited to address ICS-specific security challenges, offering a methodological approach to identifying vulnerabilities and bolstering defence mechanisms. By zeroing in on two pivotal attack scenarios within ICSs and harnessing a suite of security tools, this research identifies potential weak points and proposes solutions to rectify them. Delving into Indicators of Compromise (IOCs), investigating suitable tools, and capturing indicators, this study serves as a critical resource for organisations aiming to fortify their ICS security. Through this lens, we offer tangible recommendations and insights, pushing the envelope in the domain of ICS security validation.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yupeng Hu,Wenxin Kuang,Zheng Qin,Kenli Li,Jiliang Zhang,Yansong Gao,Wenjia Li,Keqin Li

DOI: https://doi.org/10.1145/3487890

IF: 16.6

2023-01-31

ACM Computing Surveys

Abstract:In recent years, with rapid technological advancement in both computing hardware and algorithm, Artificial Intelligence (AI) has demonstrated significant advantage over human being in a wide range of fields, such as image recognition, education, autonomous vehicles, finance, and medical diagnosis. However, AI-based systems are generally vulnerable to various security threats throughout the whole process, ranging from the initial data collection and preparation to the training, inference, and final deployment. In an AI-based system, the data collection and pre-processing phase are vulnerable to sensor spoofing attacks and scaling attacks, respectively, while the training and inference phases of the model are subject to poisoning attacks and adversarial attacks, respectively. To address these severe security threats against the AI-based systems, in this article, we review the challenges and recent research advances for security issues in AI, so as to depict an overall blueprint for AI security. More specifically, we first take the lifecycle of an AI-based system as a guide to introduce the security threats that emerge at each stage, which is followed by a detailed summary for corresponding countermeasures. Finally, some of the future challenges and opportunities for the security issues in AI will also be discussed.

computer science, theory & methods

Ram Shankar Siva Kumar,Magnus Nyström,John Lambert,Andrew Marshall,Mario Goertzel,Andi Comissoneru,Matt Swann,Sharon Xia

DOI: https://doi.org/10.48550/arXiv.2002.05646

2021-03-20

Abstract:Based on interviews with 28 organizations, we found that industry practitioners are not equipped with tactical and strategic tools to protect, detect and respond to attacks on their Machine Learning (ML) systems. We leverage the insights from the interviews and we enumerate the gaps in perspective in securing machine learning systems when viewed in the context of traditional software security development. We write this paper from the perspective of two personas: developers/ML engineers and security incident responders who are tasked with securing ML systems as they are designed, developed and deployed ML systems. The goal of this paper is to engage researchers to revise and amend the Security Development Lifecycle for industrial-grade software in the adversarial ML era.

Computers and Society,Cryptography and Security,Machine Learning

Rawan Al-Shaer,Jonathan M. Spring,Eliana Christou

DOI: https://doi.org/10.1109/cns48642.2020.9162207

2020-06-01

Abstract:The MITRE ATT&CK Framework provides a rich and actionable repository of adversarial tactics, techniques, and procedures (TTP). However, this information would be highly useful for attack diagnosis (i.e., forensics) and mitigation (i.e., intrusion response) if we can reliably construct technique associations that will enable predicting unobserved attack techniques based on observed ones. In this paper, we present our statistical machine learning analysis on APT and Software attack data reported by MITRE ATT&CK to infer the technique clustering that represents the significant correlation that can be used for technique prediction. Due to the complex multidimensional relationships between techniques, many of the traditional clustering methods could not obtain usable associations. Our approach, using hierarchical clustering for inferring attack technique associations with 95% confidence, provides statistically significant and explainable technique correlations. Our analysis discovers 98 different technique associations (i.e., clusters) for both APT and Software attacks. Our evaluation results show that 78% of the techniques associated by our algorithm exhibit significant mutual information that indicates reasonably high predictability.

Tyler J. Shipp,Daniel J. Clouse,Michael J. De Lucia,Metin B. Ahiskali,Kai Steverson,Jonathan M. Mullin,Nathaniel D. Bastian

DOI: https://doi.org/10.48550/arXiv.2009.13250

2020-09-25

Abstract:Artificial intelligence (AI) and machine learning (ML) have become increasingly vital in the development of novel defense and intelligence capabilities across all domains of warfare. An adversarial AI (A2I) and adversarial ML (AML) attack seeks to deceive and manipulate AI/ML models. It is imperative that AI/ML models can defend against these attacks. A2I/AML defenses will help provide the necessary assurance of these advanced capabilities that use AI/ML models. The A2I Working Group (A2IWG) seeks to advance the research and development of assured AI/ML capabilities via new A2I/AML defenses by fostering a collaborative environment across the U.S. Department of Defense and U.S. Intelligence Community. The A2IWG aims to identify specific challenges that it can help solve or address more directly, with initial focus on three topics: AI Trusted Robustness, AI System Security, and AI/ML Architecture Vulnerabilities.

Machine Learning,Cryptography and Security,Computers and Society,Software Engineering

Ivan Evtimov,Weidong Cui,Ece Kamar,Emre Kiciman,Tadayoshi Kohno,Jerry Li

DOI: https://doi.org/10.48550/arXiv.2007.07205

2020-07-13

Cryptography and Security

Abstract:Machine learning (ML) models deployed in many safety- and business-critical systems are vulnerable to exploitation through adversarial examples. A large body of academic research has thoroughly explored the causes of these blind spots, developed sophisticated algorithms for finding them, and proposed a few promising defenses. A vast majority of these works, however, study standalone neural network models. In this work, we build on our experience evaluating the security of a machine learning software product deployed on a large scale to broaden the conversation to include a systems security view of these vulnerabilities. We describe novel challenges to implementing systems security best practices in software with ML components. In addition, we propose a list of short-term mitigation suggestions that practitioners deploying machine learning modules can use to secure their systems. Finally, we outline directions for new research into machine learning attacks and defenses that can serve to advance the state of ML systems security.

Yinpeng Dong,Qi-An Fu,Xiao Yang,Wenzhao Xiang,Tianyu Pang,Hang Su,Jun Zhu,Jiayu Tang,Yuefeng Chen,XiaoFeng Mao,Yuan He,Hui Xue,Chao Li,Ye Liu,Qilong Zhang,Lianli Gao,Yunrui Yu,Xitong Gao,Zhe Zhao,Daquan Lin,Jiadong Lin,Chuanbiao Song,Zihao Wang,Zhennan Wu,Yang Guo,Jiequan Cui,Xiaogang Xu,Pengguang Chen

DOI: https://doi.org/10.48550/arXiv.2110.08042

2021-10-15

Abstract:Due to the vulnerability of deep neural networks (DNNs) to adversarial examples, a large number of defense techniques have been proposed to alleviate this problem in recent years. However, the progress of building more robust models is usually hampered by the incomplete or incorrect robustness evaluation. To accelerate the research on reliable evaluation of adversarial robustness of the current defense models in image classification, the TSAIL group at Tsinghua University and the Alibaba Security group organized this competition along with a CVPR 2021 workshop on adversarial machine learning (<a class="link-external link-https" href="https://aisecure-workshop.github.io/amlcvpr2021/" rel="external noopener nofollow">this https URL</a>). The purpose of this competition is to motivate novel attack algorithms to evaluate adversarial robustness more effectively and reliably. The participants were encouraged to develop stronger white-box attack algorithms to find the worst-case robustness of different defenses. This competition was conducted on an adversarial robustness evaluation platform -- ARES (<a class="link-external link-https" href="https://github.com/thu-ml/ares" rel="external noopener nofollow">this https URL</a>), and is held on the TianChi platform (<a class="link-external link-https" href="https://tianchi.aliyun.com/competition/entrance/531847/introduction" rel="external noopener nofollow">this https URL</a>) as one of the series of AI Security Challengers Program. After the competition, we summarized the results and established a new adversarial robustness benchmark at <a class="link-external link-https" href="https://ml.cs.tsinghua.edu.cn/ares-bench/" rel="external noopener nofollow">this https URL</a>, which allows users to upload adversarial attack algorithms and defense models for evaluation.

Computer Vision and Pattern Recognition,Artificial Intelligence,Cryptography and Security,Machine Learning

Anna Georgiadou,Spiros Mouzakitis,Dimitris Askounis

DOI: https://doi.org/10.3390/s21093267

IF: 3.9

2021-05-09

Sensors

Abstract:The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Framework provides a rich and actionable repository of adversarial tactics, techniques, and procedures. Its innovative approach has been broadly welcomed by both vendors and enterprise customers in the industry. Its usage extends from adversary emulation, red teaming, behavioral analytics development to a defensive gap and SOC (Security Operations Center) maturity assessment. While extensive research has been done on analyzing specific attacks or specific organizational culture and human behavior factors leading to such attacks, a holistic view on the association of both is currently missing. In this paper, we present our research results on associating a comprehensive set of organizational and individual culture factors (as described on our developed cyber-security culture framework) with security vulnerabilities mapped to specific adversary behavior and patterns utilizing the MITRE ATT&CK framework. Thus, exploiting MITRE ATT&CK’s possibilities towards a scientific direction that has not yet been explored: security assessment and defensive design, a step prior to its current application domain. The suggested cyber-security culture framework was originally designed to aim at critical infrastructures and, more specifically, the energy sector. Organizations of these domains exhibit a co-existence and strong interaction of the IT (Information Technology) and OT (Operational Technology) networks. As a result, we emphasize our scientific effort on the hybrid MITRE ATT&CK for Enterprise and ICS (Industrial Control Systems) model as a broader and more holistic approach. The results of our research can be utilized in an extensive set of applications, including the efficient organization of security procedures as well as enhancing security readiness evaluation results by providing more insights into imminent threats and security risks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Julius A. Bairaktaris,Arne Johannssen,Kim Phuc Tran

DOI: https://doi.org/10.1002/qre.3678

2024-11-01

Quality and Reliability Engineering International

Abstract:The recent emergence and widespread adoption of Artificial Intelligence (AI) across various industries have not only increased efficiency and innovation but also introduced complex security challenges. Addressing these security challenges is an ever‐evolving area of research that seeks to mitigate issues affecting a wide range of individuals and sectors. Understanding the threats and vulnerabilities posed by these systems, and how to effectively defend against them, has become more crucial than ever. This paper aims to provide an overview of the most common attack vectors and their respective defense strategies, focusing particularly on those relevant to Industry 4.0. A major area of interest is adversarial machine learning, a relatively new field that focuses on corrupting, confusing, and manipulating AI models by intervening in different phases of their life cycle. The key findings indicate that FLAME offers the best protection against data poisoning attacks for neural network image detection models in a federated learning environment. Additionally, due to the specific threat model in Industry 4.0, defensive distillation emerges as the most promising defense strategy against evasion attacks.

engineering, industrial, multidisciplinary,operations research & management science

Kevin Eykholt,Farhan Ahmed,Pratik Vaishnavi,Amir Rahmati

2024-10-16

Abstract:The vulnerability of machine learning models in adversarial scenarios has garnered significant interest in the academic community over the past decade, resulting in a myriad of attacks and defenses. However, while the community appears to be overtly successful in devising new attacks across new contexts, the development of defenses has stalled. After a decade of research, we appear no closer to securing AI applications beyond additional training. Despite a lack of effective mitigations, AI development and its incorporation into existing systems charge full speed ahead with the rise of generative AI and large language models. Will our ineffectiveness in developing solutions to adversarial threats further extend to these new technologies? In this paper, we argue that overly permissive attack and overly restrictive defensive threat models have hampered defense development in the ML domain. Through the lens of adversarial evasion attacks against neural networks, we critically examine common attack assumptions, such as the ability to bypass any defense not explicitly built into the model. We argue that these flawed assumptions, seen as reasonable by the community based on paper acceptance, have encouraged the development of adversarial attacks that map poorly to real-world scenarios. In turn, new defenses evaluated against these very attacks are inadvertently required to be almost perfect and incorporated as part of the model. But do they need to? In practice, machine learning models are deployed as a small component of a larger system. We analyze adversarial machine learning from a system security perspective rather than an AI perspective and its implications for emerging AI paradigms.

Machine Learning,Cryptography and Security