Microsoft and Mitre have announced the release of a new tool designed to help cybersecurity professionals emulate attacks on machine learning (ML) systems.
Called Arsenal, the tool is a plugin for the Mitre ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) framework, a knowledge base of adversarial tactics, techniques, and case studies.
ATLAS is meant to raise awareness of the threats to ML systems, while Arsenal helps cybersecurity researchers store and create the adversarial tactics, techniques, and procedures (TTPs) defined in ATLAS so that they can interface with CALDERA, the cybersecurity platform that automates adversary emulation.
Arsenal uses Counterfit, Microsoft's automation tool for running artificial intelligence (AI) security risk assessments, as an automated adversarial attack library, which enables CALDERA to emulate attacks using the Counterfit library.
The integration of Arsenal into CALDERA is expected to help researchers identify novel vulnerabilities in the building blocks of ML workflows and come up with protections to prevent exploitation of ML systems.
At the moment, Arsenal includes a limited number of adversary profiles, based on publicly available information. Microsoft and Mitre plan to add new techniques and adversary profiles as researchers document new attacks on ML systems.
Arsenal runs on systems with Ubuntu 18.04 or 20.04 and requires Python 3.7 or higher.
“As the world looks to AI to positively change how organizations operate, it’s critical that steps are taken to help ensure the security of those AI and machine learning models that will empower the workforce to do more with less of a strain on time, budget and resources,” Microsoft program manager Ram Shankar said.
