Passive AI Output Obfuscation - AI Mitigation

Record summary

A quick snapshot of what this page covers.

Techniques11Attacks this defense is designed to help with.

Lifecycle2Where this defense applies in the AI lifecycle.

Categories1How the source groups this defense.

Control summary

What this defense is meant to help prevent.

ATLAS ID: AML.M0002
Priority score: 55

DeploymentML Model Evaluation

Technical - ML

Covered techniques

Attacks this defense is designed to help with.

AML.T0043.001 - Black-Box Optimization

demonstrated

Obfuscating model outputs reduces an adversary's ability to create effective adversarial inputs.

AML.T0043 - Craft Adversarial Data

realized

Obfuscating model outputs reduces an adversary's ability to generate effective adversarial data.

AML.T0005 - Create Proxy AI Model

demonstrated

Obfuscating model outputs can reduce an adversary's ability to produce an accurate proxy model.

AML.T0014 - Discover AI Model Family

feasible

Suggested approaches:

Restrict the number of results shown
Limit specificity of output class ontology
Use randomized smoothing techniques
Reduce the precision of numerical outputs

AML.T0013 - Discover AI Model Ontology

demonstrated

Suggested approaches:

Restrict the number of results shown
Limit specificity of output class ontology
Use randomized smoothing techniques
Reduce the precision of numerical outputs

AML.T0063 - Discover AI Model Outputs

demonstrated

Obfuscating model outputs can prevent adversaries from collecting sensitive information about the model outputs.

AML.T0024.002 - Extract AI Model

realized

Suggested approaches:

Restrict the number of results shown
Limit specificity of output class ontology
Use randomized smoothing techniques
Reduce the precision of numerical outputs

AML.T0024.000 - Infer Training Data Membership

feasible

Suggested approaches:

Restrict the number of results shown
Limit specificity of output class ontology
Use randomized smoothing techniques
Reduce the precision of numerical outputs

AML.T0024.001 - Invert AI Model

feasible

Suggested approaches:

Restrict the number of results shown
Limit specificity of output class ontology
Use randomized smoothing techniques
Reduce the precision of numerical outputs

AML.T0005.001 - Train Proxy via Replication

demonstrated

Obfuscating model outputs restricts an adversary's ability to create an accurate proxy model by querying a model and observing its outputs.

AML.T0042 - Verify Attack

demonstrated

Obfuscating model outputs reduces an adversary's ability to verify the efficacy of an attack.

Source

Where this page information comes from.

Original source

Original source links

Open the public records and source datasets used for this page.

Repositoryhttps://github.com/mitre-atlas/atlas-data ATLAS.yamlhttps://github.com/mitre-atlas/atlas-data/blob/main/dist/ATLAS.yaml Schemahttps://github.com/mitre-atlas/atlas-data/blob/main/dist/schemas/atlas_output_schema.json