A New Tool For Protecting ML Systems Security

Microsoft and Mitre have recently developed a plug-in that combines a number of open-source software tools to help protect Machine Learning (ML) systems from cyber attacks. Named Arsenal, the tool is a plugin for the MITRE Adversarial Threat Landscape for Artificial-Intelligence Systems (ATLAS) framework, a knowledge base of adversarial tactics, techniques, and case studies.

MITRE is a non-profit implementer of US federally funded research and development centers. It typically works to address US government and wider cyber security industry concerns.

The collaboration with Microsoft on Arsenal is just one example of MITRE’s efforts to develop a family of tools addressing issues including trust, transparency, and fairness to better enable use of ML and AI systems for mission-critical applications in areas ranging from healthcare to national security. Microsoft. say that “AI and machine learning may embody the most consequential technology advances of our lifetime, bringing huge opportunities to build, discover, and create a better world.” 

The aim is for security practitioners to use Arsenal, which has been jointly derived from Microsoft’s Counterfeit, (an open-source tool to help developers assess the security of their machine learning systems) as an automated adversarial attack library to simulate attacks on ML systems, even if they lack a background in ML or AI.

 Arsenal helps cyber security researchers store and create adversarial tactics, techniques and procedures defined to interface with MITRE's  Caldera cyber security platform for running AI security risk assessments as an automated adversarial attack library.

The integration of Arsenal into Caldera is expected to help researchers identify novel vulnerabilities in the building blocks of ML workflows and produce protective measures to prevent exploitation of ML systems.

Arsenal includes a limited number of adversary profiles, based on publicly available information and Microsoft and MITRE plan to add new techniques and adversary profiles as researchers document new attacks on ML systems. Right now, Arsenal can be used on systems running Ubuntu 18.04 or 20.04 and requires Python versions 3.7 or higher to work.  The tool currently includes a limited number of adversary profiles based on publicly available information.

As security researchers document new attacks on ML systems, Microsoft and MITRE plan to continually evolve the tools to add new techniques and adversary profiles. “As the world looks to AI to positively change how organisations operate, it’s critical that steps are taken to help ensure the security of those AI and machine learning models that will empower the workforce to do more with less of a strain on time, budget and resources,” Microsoft program manager Ram Shankar said.

In addition to its Mitre collaboration, Microsoft has also worked with machine learning repository company Hugging Face on building an AI security scanner. “The reason we invest in research, tools and industry partnerships like those we’re announcing today is so we can understand the nature of what those attacks would entail, do our best to get ahead of them, and help others in the security community do the same... There is still so much to learn about AI, and we are continuously investing across our platforms and in red-team like research to learn about this technology and to help inform how it will be integrated into our platform and products,” says Microsoft.

The collaboration with Microsoft on Arsenal is one example of MITRE’s efforts to develop a family of tools addressing issues including trust, transparency, and fairness to better enable use of ML and AI systems for mission-critical applications in areas ranging from healthcare to national security.

Microsoft:    MITRE:   MSSP Alert:    Redmond Mag:    Security Week:    Business Wire:      Silicon:    ITPro

You Might Also Read: 

The Latest Artificial Intelligence Technologies:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« A Warning From Ukraine About Russian Hackers
Conflict Drives A Significant Increase In DDoS Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IOActive

IOActive

IOActive serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture.

Privacy Professor

Privacy Professor

Privacy Professor provides information privacy, security and compliance services, tools and products to organizations in a wide range of industries.

Linklaters LLP

Linklaters LLP

Linklaters is an international law firm. Practice areas include Information Management and Data Protection.

Sopra Steria

Sopra Steria

Sopra Steria is a leading European information technology consultancy.

Cyber Security Capital (CS^)

Cyber Security Capital (CS^)

Cyber Security Capital is a consultancy helping to mobilise and empower individuals, corporate leaders and entrepreneurs in cyber security.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

Fortanix

Fortanix

Fortanix Runtime Encryption keeps keys, data, and applications completely protected from external and internal threats.

CybeReady

CybeReady

CybeReady’s Autonomous Platform offers continuous adaptive training to all employees and guarantees significant reduction in organizational risk of phishing attacks.

Cyber Wales

Cyber Wales

Cyber Wales provides a focus and forum for everyone in the industry, helping businesses come together and collaborate both within Wales and internationally.

Paladin Capital Group

Paladin Capital Group

Paladin is a leading global investor that supports and grows the world’s most innovative cyber companies.

OISTE Foundation

OISTE Foundation

OISTE foundation allows users to control their digital identities using well-understood and secure algorithms that ensure the continued validity of an identity and its claims.

Componolit

Componolit

Componolit GmbH is a highly specialized company with a strong emphasis on trustworthy software, component-based systems and formal verification.

Tabidus Technology

Tabidus Technology

Tabidus Technology is a cybersecurity association that unites and provides the global protection options against cyber threats.

Oman Data Park

Oman Data Park

The Data Park is Oman’s premier IT Managed Services provider. We offer a superior Tier 3 Data Center network providing cyber security and cloud services.

Zaviant Consulting

Zaviant Consulting

Zaviant Consulting is a leading data security and privacy consulting firm assisting organizations comply with constantly evolving security frameworks and privacy regulations.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.