Vulnerabilities In Machine Learning
Blog / Vulnerabilities In Machine Learning
Machine learning (ML) programs are at the core of artificial intelligence (AI) and while there are many benefits gained from machine learning, it is still a relatively new concept thus the cyber defence strategies are also in their early stages. This leaves ML models vulnerable to attacks.
AI and ML are becoming more prevalent in the cyber security industry because of their ability to deliver advanced insights that security teams can use to ensure that cybercrime doesn’t fly under the radar as well as to detect threats that might otherwise be missed by humans. However, these new innovations aren't without vulnerability, threat actors can manipulate these systems using machine learning systems to provide inaccurate results, destroying their ability to protect information assets.
Common Machine Learning Attacks
There are different types of attacks that can be conducted on ML models; these vary based on the goals of the hacker and the stage that the program is in such as training or production.
An evasion attack is a way for hackers to confuse or trick a system by designing an input that is incorrectly identified by the ML models. This is usually a type of attack that takes place in an adversarial setting. An example of this would be a hacker attempting to avoid detection by modifying the contents of malicious codes. During an evasion attack, malicious samples are modified at test times to bypass detection.
Another example of evasion is the manipulation of images. By altering some pixels in a picture before they are uploaded to a computer, the image recognition system of an ML model will fail to sort the result. This can also fool humans.
- Train your model with all possible outcomes an attack might cause by introducing examples that an assailant may try to feed into the system
- Compress your model so that it becomes a smooth decision surface. That will allow less room for an attack to manipulate it
Machine learning algorithms require large quantities of data in order to train models. This takes time and many ML developers choose to download pre-published datasets from platforms such as GitHub or Kaggle, rather than create their own. However this comes with certain risks, many cyber experts warn that these datasets could be pawns for poisoning attacks.
Cybercriminals can create and distribute infected datasets which are then downloaded, allowing AI models to learn those data entries during training, thus learning malicious triggers. A model may behave as intended under normal conditions, but threat actors can remotely activate hidden triggers during an attack.
Platforms such as GitHub don’t have safeguards in place to prevent possible data poisoning schemes; this makes it very easy for hackers to spread contaminated data through online sources.
- Develop a method to inspect any data you haven’t created yourself for contamination
- Although it may be time-consuming, creating your own datasets will save more time than trying to mitigate a contaminated system
Privacy attacks often happen during the training phase. Their purpose is not to corrupt the training model, but rather to retrieve confidential data. During a privacy attack, hackers often explore systems to gain further information about the model itself or the dataset. This is usually accomplished through a membership interface, which is a specific type of attack that makes it possible to detect the data used to train ML models. In many cases, attackers can stage membership inference attacks without needing access to the model's parameters by just observing its output.
- Employ encryption techniques on the training data
- Avoid real-time training and train offline, this will let you evaluate the data and also discourage attackers as it cuts off the immediate feedback they can use to boost their attacks
Securiwiser is a comprehensive cyber security tool designed to ensure that your network, website, and devices run with no threats lurking in the shadows. With daily scanning, you can be sure that no anomalous activity on any of your systems will go unnoticed. Should any unusual activity be detected, you’ll be notified immediately and sent a detailed report explaining the findings of the scan. You will be told how to remedy the situation yourself if possible or where to turn should you need help from a third party to mitigate any issues. Securiwiser will also grade each aspect of your cyber security, this way you’ll know exactly what areas of your security posture need tightening.
Previous ArticleWhat is SIEM
How secure is
How secure is