Record summary
A quick snapshot of what this page covers.
Attack context
How this AI attack works in practice.
- ATLAS ID: AML.T0063
- Priority score: 52
Mitigations
Defenses that may help against this attack.
AML.M0017 - AI Model Distribution Methods
Avoiding the deployment of models to edge devices reduces an adversary's ability to collect sensitive information about the model outputs.
AML.M0019 - Control Access to AI Models and Data in Production
Controlling access to the model in production can help prevent adversaries from inferring information from the model outputs.
AML.M0012 - Encrypt Sensitive Information
Encrypting model outputs can prevent adversaries from discovering sensitive information about the AI-enabled system or its operations.
AML.M0002 - Passive AI Output Obfuscation
Obfuscating model outputs can prevent adversaries from collecting sensitive information about the model outputs.
Case studies
Examples from public reports and exercises.
ProofPoint Evasion
Proof Pudding (CVE-2019-20634) is a code repository that describes how ML researchers evaded ProofPoint's email protection system by first building a copy-cat email protection ML model and then using the insights from it to bypass the live system. More specifically, the insights allowed the researchers to craft malicious emails that received preferable scores and so went undetected by the system. Each word in an email is scored numerically based on multiple variables, and if the overall score of the email is too low, ProofPoint outputs an error, labeling the email as SPAM.
Bypassing Cylance's AI Malware Detection
Researchers at Skylight were able to create a universal bypass string that, when appended to a malicious file, evades detection by Cylance's AI malware detector.
Source
Where the information on this page comes from.