Microsoft, Mitre Develop Tool to Deter Cyberattacks on Machine Learning Systems
Microsoft and Mitre have jointly developed a plug-in that combines a number of open-source software tools to help protect machine learning (ML) systems from cyberattacks.
The tool, dubbed Arsenal, applies tactics and techniques as defined in the Mitre Atlas (Adversarial Threat Landscape for Artificial-Intelligence Systems) framework. It combines:
- Mitre Atlas, a knowledge base of adversary tactics, techniques, and case studies for ML systems based on real-world observations, demonstrations and academic research
- Microsoft’s Counterfit, a tool that enables ML researchers to implement a variety of adversarial attacks on AI algorithms
- Mitre Caldera, a platform for adversarial emulation
Security practitioners can use Arsenal, which has been jointly built off of Microsoft’s Counterfit, as an automated adversarial attack library to simulate attacks on ML systems even if they lack a background in ML or AI, the companies said. The plug-in enables Caldera to emulate adversarial attacks and behaviors using Microsoft’s Counterfit library.
“This new tool integration brings together Microsoft Counterfit, Mitre Caldera and Mitre Atlas to help security practitioners better understand threats to ML systems,” Microsoft Threat Intelligence wrote in a blog post. “This will enable security teams to proactively look for weaknesses in AI and machine learning models and fix them before an attacker can take advantage.”
Charles Clancy, Ph.D., senior vice president, general manager, Mitre Labs, and chief futurist, commented:
“Bringing these tools together is a major win for the cybersecurity community because it provides insights into how adversarial machine learning attacks play out. Working together to address potential security flaws with machine learning systems will help improve user trust and better enable these systems to have a positive impact on society.”
The tool currently includes a limited number of adversary profiles based on information publicly available today. As security researchers document new attacks on ML systems, Microsoft and Mitre plan to continually evolve the tools to add new techniques and adversary profiles.