A comprehensive solution to combat these threats does not exist, as outlined in a report by NIST addressing adversarial machine learning attacks and mitigation strategies.
Adversarial machine learning (AML), aimed at achieving specific outcomes, involves extracting information about the characteristics and actions of an artificial intelligence (AI) system and manipulating its inputs.
NIST’s advisory publication highlights the range of challenges that can undermine AI systems, emphasizing the absence of foolproof safeguards. The organization advocates for heightened vigilance against emerging threats.
Titled “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations” (NIST AI. 100-2), the report delves into both relational and predictive AI. While the former leverages historical data to predict future outcomes, the latter focuses on generating novel information.
The NIST report, developed in collaboration with experts from Northeastern University and Robust Intelligence Inc., categorizes attacks into four main types: evasion, poisoning, defense, and exploitation.
An example of an evasion attack, as illustrated by NIST, involves altering a perception to manipulate the system’s response, such as distorting lane markings to mislead an autonomous vehicle.
In a poisoning attack, adversaries inject corrupted data during the AI’s training phase. For instance, by introducing instances of inappropriate language into dialogue records, attackers can manipulate the AI’s language processing.
Under abuse scenarios, threat actors attempt to compromise legitimate training data sources, posing privacy risks by analyzing a chatbot’s interactions to uncover vulnerabilities in the AI system.
Despite the significant advancements in AI and machine learning, Professor Apostol Vassilev from NIST warns of persistent vulnerabilities that could lead to severe consequences. He cautions against overestimating the security of AI algorithms, emphasizing the unresolved theoretical challenges.
The recent NIST report received accolades from Joseph Thacker, a principal AI engineer and security researcher at AppOmni, who praised its comprehensive coverage of AI security threats. Thacker highlighted the report’s detailed insights and terminology, underscoring its value in understanding and mitigating adversarial attacks on AI systems.
Troy Batterberry, CEO of EchoMark, a company specializing in safeguarding data through embedded watermarks, commended NIST’s efforts to enhance awareness of AI threats. Batterberry emphasized the importance of preparing for AI attacks to maintain trust and integrity in AI-driven business solutions.
In conclusion, the NIST report serves as a valuable resource for developers seeking to fortify AI systems against adversarial attacks, underscoring the critical need for proactive defense strategies in an increasingly AI-dependent landscape.
