From 9f4e920739d7baf30f69bd8be2cb3884aee2d2c5 Mon Sep 17 00:00:00 2001 From: aryanxk02 Date: Tue, 5 Sep 2023 23:26:40 +0530 Subject: [PATCH 1/2] refactor: adversarial attack to input manipulation --- ...=> ML01_2023-Input_Manipulation_Attack.md} | 22 +++++++++---------- index.md | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) rename docs/{ML01_2023-Adversarial_Attack.md => ML01_2023-Input_Manipulation_Attack.md} (81%) diff --git a/docs/ML01_2023-Adversarial_Attack.md b/docs/ML01_2023-Input_Manipulation_Attack.md similarity index 81% rename from docs/ML01_2023-Adversarial_Attack.md rename to docs/ML01_2023-Input_Manipulation_Attack.md index e7fc89c..c8cc547 100644 --- a/docs/ML01_2023-Adversarial_Attack.md +++ b/docs/ML01_2023-Input_Manipulation_Attack.md @@ -7,7 +7,7 @@ auto-migrated: 0 document: OWASP Machine Learning Security Top Ten 2023 year: 2023 order: 1 -title: ML01:2023 Adversarial Attack +title: ML01:2023 Input Manipulation Attack lang: en tags: [ @@ -24,21 +24,21 @@ technical: 5 ## Description -Adversarial attacks are a type of attack in which an attacker deliberately +Input Manipulation Attacks present under the umbrella term – Adversarial attacks are a type of attack in which an attacker deliberately alters input data to mislead the model. ## How to Prevent -**Adversarial training:** One approach to defending against adversarial attacks +**Adversarial training:** One approach to defending against input manipulation attack is to train the model on adversarial examples. This can help the model become more robust to attacks and reduce its susceptibility to being misled. **Robust models:** Another approach is to use models that are designed to be -robust against adversarial attacks, such as adversarial training or models that +robust against manipulative attacks, such as adversarial training or models that incorporate defense mechanisms. **Input validation:** Input validation is another important defense mechanism -that can be used to detect and prevent adversarial attacks. This involves +that can be used to detect and prevent input manipulation attacks. This involves checking the input data for anomalies, such as unexpected values or patterns, and rejecting inputs that are likely to be malicious. @@ -46,8 +46,8 @@ and rejecting inputs that are likely to be malicious. | Threat Agents/Attack Vectors | Security Weakness | Impact | | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------: | :---------------------------------------------------------------------------------------------------------------------------: | -| Exploitability: 5 (Easy)

_ML Application Specific: 4_<br>_ML Operations Specific: 3_ | Detectability: 3 (Moderate)<br><br>_The adversarial image may not be noticeable to the naked eye, making it difficult to detect the attack._ | Technical: 5 (Difficult)<br><br>_The attack requires technical knowledge of deep learning and image processing techniques._ |
-| Threat Agent: Attacker with knowledge of deep learning and image processing techniques.<br><br>Attack Vector: Deliberately crafted adversarial image that is similar to a legitimate image. | Vulnerability in the deep learning model's ability to classify images accurately. | Misclassification of the image, leading to security bypass or harm to the system. |
+| Exploitability: 5 (Easy)

_ML Application Specific: 4_<br>_ML Operations Specific: 3_ | Detectability: 3 (Moderate)<br><br>_The manipulated image may not be noticeable to the naked eye, making it difficult to detect the attack._ | Technical: 5 (Difficult)<br><br>_The attack requires technical knowledge of deep learning and image processing techniques._ |
+| Threat Agent: Attacker with knowledge of deep learning and image processing techniques.

Attack Vector: Deliberately crafted manipulated image that is similar to a legitimate image. | Vulnerability in the deep learning model's ability to classify images accurately. | Misclassification of the image, leading to security bypass or harm to the system. | It is important to note that this chart is only a sample based on [the scenario below](#scenario1) only. The actual risk assessment will depend on @@ -58,18 +58,18 @@ the specific circumstances of each machine learning system. ### Scenario \#1: Image classification {#scenario1} A deep learning model is trained to classify images into different categories, -such as dogs and cats. An attacker creates an adversarial image that is very +such as dogs and cats. An attacker manipulates the original image that is very similar to a legitimate image of a cat, but with small, carefully crafted perturbations that cause the model to misclassify it as a dog. When the model is -deployed in a real-world setting, the attacker can use the adversarial image to +deployed in a real-world setting, the attacker can use the manipulated image to bypass security measures or cause harm to the system. ### Scenario \#2: Network intrusion detection A deep learning model is trained to detect intrusions in a network. An attacker -creates adversarial network traffic by carefully crafting packets in such a way +manipulates network traffic by carefully crafting packets in such a way that they will evade the model\'s intrusion detection system. The attacker can -manipulate the features of the network traffic, such as the source IP address, +alter the features of the network traffic, such as the source IP address, destination IP address, or payload, in such a way that they are not detected by the intrusion detection system. For example, the attacker may hide their source IP address behind a proxy server or encrypt the payload of their network diff --git a/index.md b/index.md index 6811e26..e9e389b 100644 --- a/index.md +++ b/index.md @@ -29,7 +29,7 @@ in our ## Top 10 Machine Learning Security Risks -- [**ML01:2023 Adversarial Attack**](/docs/ML01_2023-Adversarial_Attack.md) +- [**ML01:2023 Input Manipulation Attack**](/docs/ML01_2023-Input_Manipulation_Attack.md) - [**ML02:2023 Data Poisoning Attack**](/docs/ML02_2023-Data_Poisoning_Attack.md) - [**ML03:2023 Model Inversion Attack**](/docs/ML03_2023-Model_Inversion_Attack.md) - [**ML04:2023 Membership Inference Attack**](/docs/ML04_2023-Membership_Inference_Attack.md) From 92557378be6de4da2d09908014b756d7894c92cc Mon Sep 17 00:00:00 2001 From: Shain Singh Date: Wed, 6 Sep 2023 19:50:43 +0530 Subject: [PATCH 2/2] fix: minor changes to ML01_Input_Manipulation_Attacks --- docs/ML01_2023-Input_Manipulation_Attack.md | 31 +++++++++++---------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/docs/ML01_2023-Input_Manipulation_Attack.md b/docs/ML01_2023-Input_Manipulation_Attack.md index c8cc547..68dcf44 100644 --- a/docs/ML01_2023-Input_Manipulation_Attack.md +++ b/docs/ML01_2023-Input_Manipulation_Attack.md @@ -24,14 +24,15 @@ technical: 5 ## Description -Input Manipulation Attacks present under the umbrella term – Adversarial attacks are a type of attack in which an attacker deliberately -alters input data to mislead the model. +Input Manipulation Attacks is an umbrella term, which include Adversarial +Attacks, a type of attack in which an attacker deliberately alters input data to +mislead the model. 
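As an illustration of the description above, the following is a minimal sketch of how an attacker might craft such a manipulated input against an image classifier, using an FGSM-style perturbation. It assumes a trained PyTorch model; `model`, `image`, and `true_label` are hypothetical placeholders rather than anything defined in this project.

```python
# Minimal FGSM-style sketch of an input manipulation attack (assumes PyTorch).
# `model` is a trained classifier, `image` a batched input tensor with values
# in [0, 1], and `true_label` the tensor of correct class indices.
import torch
import torch.nn.functional as F

def fgsm_perturb(model, image, true_label, epsilon=0.01):
    """Return `image` plus a small perturbation that pushes the loss upward."""
    image = image.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(image), true_label)
    loss.backward()
    # Step in the sign of the gradient, bounded by `epsilon`, so the change
    # stays visually imperceptible while encouraging a misclassification.
    perturbed = image + epsilon * image.grad.sign()
    return perturbed.clamp(0.0, 1.0).detach()
```

Training the model on perturbed examples of this kind, as discussed under adversarial training below, is one way to blunt this class of attack.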
## How to Prevent -**Adversarial training:** One approach to defending against input manipulation attack -is to train the model on adversarial examples. This can help the model become -more robust to attacks and reduce its susceptibility to being misled. +**Adversarial training:** One approach to defending against input manipulation +attack is to train the model on adversarial examples. This can help the model +become more robust to attacks and reduce its susceptibility to being misled. **Robust models:** Another approach is to use models that are designed to be robust against manipulative attacks, such as adversarial training or models that @@ -55,7 +56,7 @@ the specific circumstances of each machine learning system. ## Example Attack Scenarios -### Scenario \#1: Image classification {#scenario1} +### Scenario \#1: Input manipulation of Image Classification systems {#scenario1} A deep learning model is trained to classify images into different categories, such as dogs and cats. An attacker manipulates the original image that is very @@ -64,16 +65,16 @@ perturbations that cause the model to misclassify it as a dog. When the model is deployed in a real-world setting, the attacker can use the manipulated image to bypass security measures or cause harm to the system. -### Scenario \#2: Network intrusion detection +### Scenario \#2: Manipulation of network traffic to evade intrusion detection systems {#scenario2} A deep learning model is trained to detect intrusions in a network. An attacker -manipulates network traffic by carefully crafting packets in such a way -that they will evade the model\'s intrusion detection system. The attacker can -alter the features of the network traffic, such as the source IP address, -destination IP address, or payload, in such a way that they are not detected by -the intrusion detection system. For example, the attacker may hide their source -IP address behind a proxy server or encrypt the payload of their network -traffic. This type of attack can have serious consequences, as it can lead to -data theft, system compromise, or other forms of damage. +manipulates network traffic by carefully crafting packets in such a way that +they will evade the model\'s intrusion detection system. The attacker can alter +the features of the network traffic, such as the source IP address, destination +IP address, or payload, in such a way that they are not detected by the +intrusion detection system. For example, the attacker may hide their source IP +address behind a proxy server or encrypt the payload of their network traffic. +This type of attack can have serious consequences, as it can lead to data theft, +system compromise, or other forms of damage. ## References