Understanding ML and AI attacks
Each of the stages described in the previous section draws on multiple techniques to achieve its goal. An adversary can use these techniques alone, sequentially, or in combination, and some attacks can be repeated in different stages for different purposes. Which techniques are used depends entirely on the adversary's goal. This is why applying Zero Trust principles, and always verifying every level of the system, gives us a better chance of protecting our services, or at least of detecting an incident before it can do extensive damage to the system.
Here, we will describe the most common AI and ML attacks for each stage. We will also cover attacks from the MITRE ATT&CK framework that, although not ML-specific, can be used to gain access to systems that contain ML capabilities, among other things. We will outline the possible mitigations for each attack here, and go through their implementation in more detail in the following chapters.
Let us explore the attack techniques...