A New Tool For Protecting ML Systems Security

Uploaded on 2023-03-13 in TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Developments, FREE TO VIEW

Microsoft and Mitre have recently developed a plug-in that combines a number of open-source software tools to help protect Machine Learning (ML) systems from cyber attacks. Named Arsenal, the tool is a plugin for the MITRE Adversarial Threat Landscape for Artificial-Intelligence Systems (ATLAS) framework, a knowledge base of adversarial tactics, techniques, and case studies.

MITRE is a non-profit implementer of US federally funded research and development centers. It typically works to address US government and wider cyber security industry concerns.

The collaboration with Microsoft on Arsenal is just one example of MITRE’s efforts to develop a family of tools addressing issues including trust, transparency, and fairness to better enable use of ML and AI systems for mission-critical applications in areas ranging from healthcare to national security. Microsoft. say that “AI and machine learning may embody the most consequential technology advances of our lifetime, bringing huge opportunities to build, discover, and create a better world.” 

The aim is for security practitioners to use Arsenal, which has been jointly derived from Microsoft’s Counterfeit, (an open-source tool to help developers assess the security of their machine learning systems) as an automated adversarial attack library to simulate attacks on ML systems, even if they lack a background in ML or AI.

 Arsenal helps cyber security researchers store and create adversarial tactics, techniques and procedures defined to interface with MITRE's  Caldera cyber security platform for running AI security risk assessments as an automated adversarial attack library.

The integration of Arsenal into Caldera is expected to help researchers identify novel vulnerabilities in the building blocks of ML workflows and produce protective measures to prevent exploitation of ML systems.

Arsenal includes a limited number of adversary profiles, based on publicly available information and Microsoft and MITRE plan to add new techniques and adversary profiles as researchers document new attacks on ML systems. Right now, Arsenal can be used on systems running Ubuntu 18.04 or 20.04 and requires Python versions 3.7 or higher to work.  The tool currently includes a limited number of adversary profiles based on publicly available information.

As security researchers document new attacks on ML systems, Microsoft and MITRE plan to continually evolve the tools to add new techniques and adversary profiles. “As the world looks to AI to positively change how organisations operate, it’s critical that steps are taken to help ensure the security of those AI and machine learning models that will empower the workforce to do more with less of a strain on time, budget and resources,” Microsoft program manager Ram Shankar said.

In addition to its Mitre collaboration, Microsoft has also worked with machine learning repository company Hugging Face on building an AI security scanner. “The reason we invest in research, tools and industry partnerships like those we’re announcing today is so we can understand the nature of what those attacks would entail, do our best to get ahead of them, and help others in the security community do the same... There is still so much to learn about AI, and we are continuously investing across our platforms and in red-team like research to learn about this technology and to help inform how it will be integrated into our platform and products,” says Microsoft.

The collaboration with Microsoft on Arsenal is one example of MITRE’s efforts to develop a family of tools addressing issues including trust, transparency, and fairness to better enable use of ML and AI systems for mission-critical applications in areas ranging from healthcare to national security.

Microsoft:    MITRE:   MSSP Alert:    Redmond Mag:    Security Week:    Business Wire:      Silicon:    ITPro

You Might Also Read: 

The Latest Artificial Intelligence Technologies:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« A Warning From Ukraine About Russian Hackers
Conflict Drives A Significant Increase In DDoS Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

DANAK

DANAK

DANAK is the national accreditation body for Denmark. The directory of members provides details of organisations offering certification services for ISO 27001.

IoT Security Institute (IoTSI)

IoT Security Institute (IoTSI)

IoT Security Institute is an academic and industry body dedicated to providing frameworks and supporting educational services to assist in managing security within an Internet of Things eco-system.

THEC-Incubator

THEC-Incubator

THEC-Incubator program is designed for international and ambitious tech startups in the Netherlands. Areas of focus include Blockchain and Cyber Security.

TekSek Cyber Security

TekSek Cyber Security

Preparing you for tomorrow's security threats.

Pivot Technology School

Pivot Technology School

Pivot Tech offers Data Analytics, Software Development and Cyber Security training in boot camp style cohorts.

NANDoff Data Recovery

NANDoff Data Recovery

NANDoff is a flat rate data recovery service. We serve the electronics industry around the globe 24/7.

Citizen Lab - University of Toronto

Citizen Lab - University of Toronto

Citizen Lab focuses on research and development at the intersection of cyberspace, global security & human rights.

Surfshark

Surfshark

Surfshark is a cybersecurity company focused on developing humanized privacy & security protection solutions to secure people's digital lives.

QA Consultants

QA Consultants

QA Consultants is North America’s largest software quality engineering services firm, an award-winning onshore provider of software testing and quality assurance solutions.

Ermes

Ermes

Ermes – Intelligent Web Protection provides companies with a solution that effectively secures them against web threats.

Eqlipse Technologies

Eqlipse Technologies

Eqlipse Technologies provides products and high-end engineering solutions to customers in the Department of Defense and Intelligence Community.

CUBE3 AI

CUBE3 AI

CUBE3.AI is a web3 security platform that provides real-time transaction protection for smart contracts, safeguarding against cyber exploits, fraud, and compliance risks.

Cybervergent

Cybervergent

Cybervergent (formerly Infoprive) are a leading cybersecurity technology company in Africa. We provide cybersecurity guidance and solutions that help protect your business.

SCS Technology Solutions

SCS Technology Solutions

SCS Technology Solutions has become the preferred partner for top performing organisations across Lincolnshire for IT support and consultancy.

Kolide

Kolide

Kolide ensures that if a device isn't secure, it can't access your apps.