Safeguarding AI Systems: NIST Identifies Cybersecurity Threats and Defenses


The U.S. National Institute of Standards and Technology (NIST) has released a comprehensive report titled "Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations." The report focuses on the escalating concern of cyberattacks on Artificial Intelligence (AI) systems, providing insights into potential threats and possible defense strategies.

In a rapidly advancing era where AI plays an increasingly integral role in various aspects of life and business, NIST emphasizes the necessity of robust cybersecurity measures. The report begins by establishing a clear taxonomy and terminology for adversarial Machine Learning (ML), offering a foundation for developers to enhance the security of AI systems.

The report categorizes AI into two main types: predictive AI and generative AI. These systems, relying on extensive datasets, face the risk of corruption by malicious actors due to the impracticality of manual monitoring. NIST aims to equip developers with an understanding of potential attacks and strategies to mitigate them, recognizing that no single solution can entirely thwart cyber threats.

NIST identifies four major types of attacks on AI systems:

Evasion Attacks: These occur after deployment, when an attacker manipulates inputs to alter the system's response; for instance, tampering with road signs so that an autonomous vehicle misreads them.

Poisoning Attacks: During the training phase, corrupted data is introduced. This includes inserting inappropriate language into conversation records to influence the behavior of AI-driven chatbots.

Privacy Attacks: Attacks mounted at deployment time that seek to extract sensitive information about the AI or its training data, potentially for malicious purposes.

Abuse Attacks: These feed the AI false information from a legitimate but compromised source in order to mislead it.

These attacks vary in complexity, with Alina Oprea, co-author and a professor at Northeastern University, noting, "Most of these attacks are fairly easy to mount and require minimum knowledge of the AI system and limited adversarial capabilities." For example, poisoning attacks can be executed by manipulating a few dozen training samples.

Defensive measures recommended by NIST include augmenting training data with adversarial examples, monitoring performance metrics for significant degradation, employing data sanitization techniques, and other proactive strategies.
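Two of the measures listed above, data sanitization before training and monitoring of a deployed model's accuracy for significant degradation, are illustrated below as an added example. This is not code from the NIST report; the function names (sanitize_training_data, check_degradation, modified_z_scores), the thresholds and the training samples are all constructed for illustration. The sanitization step uses a robust median-based outlier score per class and per feature as a simple stand-in for the sanitization techniques the report discusses; samples that lie far outside their labelled class are quarantined for review rather than silently dropped.

```python
"""Added illustration of two defensive checks from the NIST mitigation list.

Hypothetical helper names; not code from the NIST report.
"""
from collections import defaultdict
from statistics import mean, median

# Constructed training set: (feature vector, label). The last two rows are
# deliberately implausible for their label (values far outside the rest of
# the "benign" class) to stand in for suspicious samples that a sanitization
# step should quarantine before training.
TRAINING_SAMPLES = [
    ([0.9, 1.1], "benign"), ([1.0, 0.8], "benign"), ([1.2, 1.0], "benign"),
    ([0.8, 0.9], "benign"), ([1.1, 1.2], "benign"), ([0.95, 1.05], "benign"),
    ([5.1, 4.8], "malicious"), ([4.9, 5.2], "malicious"), ([5.0, 5.0], "malicious"),
    ([5.2, 4.9], "malicious"), ([4.8, 5.1], "malicious"), ([5.05, 4.95], "malicious"),
    ([40.0, -35.0], "benign"),   # constructed outlier
    ([-30.0, 45.0], "benign"),   # constructed outlier
]


def modified_z_scores(values):
    """Robust outlier score: 0.6745 * |x - median| / MAD.

    The median absolute deviation (MAD) is used instead of the standard
    deviation because a handful of extreme samples would inflate the standard
    deviation enough to hide themselves. When MAD is zero (all values equal),
    any deviating value is treated as infinitely far away.
    """
    med = median(values)
    devs = [abs(v - med) for v in values]
    mad = median(devs)
    scores = []
    for d in devs:
        if mad == 0:
            scores.append(0.0 if d == 0 else float("inf"))
        else:
            scores.append(0.6745 * d / mad)
    return scores


def sanitize_training_data(samples, threshold=3.5, min_class_size=3):
    """Split samples into (kept, quarantined).

    A sample is quarantined if, within its own label, any feature scores above
    `threshold` (3.5 is the conventional cutoff for the modified z-score).
    Classes smaller than `min_class_size` are left untouched because the
    statistics would be meaningless. Quarantined samples should be reviewed
    by a human, not silently discarded.
    """
    by_label = defaultdict(list)
    for idx, (_features, label) in enumerate(samples):
        by_label[label].append(idx)

    suspicious = set()
    for indices in by_label.values():
        if len(indices) < min_class_size:
            continue
        n_features = len(samples[indices[0]][0])
        for f in range(n_features):
            column = [samples[i][0][f] for i in indices]
            for i, score in zip(indices, modified_z_scores(column)):
                if score > threshold:
                    suspicious.add(i)

    kept = [s for i, s in enumerate(samples) if i not in suspicious]
    quarantined = [s for i, s in enumerate(samples) if i in suspicious]
    return kept, quarantined


def check_degradation(baseline_accuracy, recent_accuracies, max_drop=0.05, window=3):
    """Return (alert, rolling_accuracy).

    `baseline_accuracy` is the accuracy measured on a held-out set at
    deployment time; `recent_accuracies` are periodic re-evaluations on fresh
    labelled data. The alert fires when the mean of the last `window`
    evaluations falls more than `max_drop` below the baseline, which is a
    cheap signal that inputs or data have shifted and deserves investigation.
    """
    if len(recent_accuracies) < window:
        return False, None
    rolling = mean(recent_accuracies[-window:])
    return (baseline_accuracy - rolling) > max_drop, rolling


if __name__ == "__main__":
    kept, quarantined = sanitize_training_data(TRAINING_SAMPLES)
    print(f"kept {len(kept)} samples, quarantined {len(quarantined)}: {quarantined}")
    # Constructed evaluation series: stable, then a sharp drop.
    print(check_degradation(0.95, [0.94, 0.95, 0.93, 0.80, 0.78]))
```

Both checks are deliberately simple and have a known blind spot worth stating: a sample that stays inside the distribution of its labelled class will pass the outlier test, and a gradual accuracy decline can stay under `max_drop` for a long time. They are a first layer, not a substitute for the broader set of measures the report recommends.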

In summary, NIST's report serves as a valuable resource for developers, offering a structured understanding of potential threats to AI systems and practical defense mechanisms. As AI continues to evolve, safeguarding against cyber threats becomes imperative to ensure the integrity and reliability of these advanced technologies.