Record summary
A quick snapshot of what this page covers.
Attack context
How this AI attack works in practice.
- ATLAS ID
- AML.T0043.000
- Priority score
- 58
Mitigations
Defenses that may help against this attack.
AML.M0017 - AI Model Distribution Methods
With full access to the model, an adversary could perform white-box attacks.
AML.M0015 - Adversarial Input Detection
Incorporate adversarial input detection to block malicious inputs at inference time.
AML.M0005 - Control Access to AI Models and Data at Rest
Access controls can reduce unnecessary access to AI models and prevent an adversary from achieving white-box access.
AML.M0010 - Input Restoration
Input restoration can help remediate adversarial inputs.
AML.M0003 - Model Hardening
Hardened models are more robust to adversarial inputs.
AML.M0006 - Use Ensemble Methods
Using an ensemble of models increases the difficulty of crafting effective adversarial data and improves overall robustness.
Case studies
Examples from public reports and exercises.
Face Identification System Evasion via Physical Countermeasures
MITRE's AI Red Team demonstrated a physical-domain evasion attack on a commercial face identification service with the intention of inducing a targeted misclassification. This operation had a combination of traditional MITRE ATT&CK techniques such as finding valid accounts and executing code via an API - all interleaved with adversarial ML specific attacks.
Microsoft Azure Service Disruption
The Microsoft AI Red Team performed a red team exercise on an internal Azure service with the intention of disrupting its service. This operation had a combination of traditional ATT&CK enterprise techniques such as finding valid account, and exfiltrating data -- all interleaved with adversarial ML specific steps such as offline and online evasion examples.
Source
Where this page information comes from.
Original source
Original source links
Open the public records and source datasets used for this page.