A New Tool For Protecting ML Systems Security

Microsoft and MITRE have recently developed a plugin that combines a number of open-source software tools to help protect Machine Learning (ML) systems from cyber attacks. Named Arsenal, the tool is a plugin for the MITRE Adversarial Threat Landscape for Artificial-Intelligence Systems (ATLAS) framework, a knowledge base of adversarial tactics, techniques, and case studies.

MITRE is a non-profit implementer of US federally funded research and development centers. It typically works to address US government and wider cyber security industry concerns.

The collaboration with Microsoft on Arsenal is just one example of MITRE’s efforts to develop a family of tools addressing issues including trust, transparency, and fairness to better enable use of ML and AI systems for mission-critical applications in areas ranging from healthcare to national security. Microsoft says that “AI and machine learning may embody the most consequential technology advances of our lifetime, bringing huge opportunities to build, discover, and create a better world.”

The aim is for security practitioners, even those without a background in ML or AI, to use Arsenal as an automated adversarial attack library to simulate attacks on ML systems. Arsenal has been jointly derived from Microsoft’s Counterfit, an open-source tool that helps developers assess the security of their machine learning systems.

Arsenal helps cyber security researchers create and store adversarial tactics, techniques and procedures (TTPs) that interface with MITRE's Caldera cyber security platform, so that Caldera can run AI security risk assessments using Arsenal as an automated adversarial attack library.

The integration of Arsenal into Caldera is expected to help researchers identify novel vulnerabilities in the building blocks of ML workflows and produce protective measures to prevent exploitation of ML systems.

Arsenal includes a limited number of adversary profiles, based on publicly available information. Right now, Arsenal can be used on systems running Ubuntu 18.04 or 20.04 and requires Python 3.7 or higher to work.

As security researchers document new attacks on ML systems, Microsoft and MITRE plan to continually evolve the tools to add new techniques and adversary profiles. “As the world looks to AI to positively change how organisations operate, it’s critical that steps are taken to help ensure the security of those AI and machine learning models that will empower the workforce to do more with less of a strain on time, budget and resources,” Microsoft program manager Ram Shankar said.

In addition to its MITRE collaboration, Microsoft has also worked with machine learning repository company Hugging Face on building an AI security scanner. “The reason we invest in research, tools and industry partnerships like those we’re announcing today is so we can understand the nature of what those attacks would entail, do our best to get ahead of them, and help others in the security community do the same... There is still so much to learn about AI, and we are continuously investing across our platforms and in red-team like research to learn about this technology and to help inform how it will be integrated into our platform and products,” says Microsoft.
