Home

Awesome

Annoucing ATLAS!

We are excited to announce the new and interactive release of the AdvML Threat Matrix under a newly branded name: ATLAS - Adversarial Threat Landscape for Artificial-Intelligence Systems!

Please visit our new website at https://atlas.mitre.org for the new interactive matrix, new case studies, and a tailored ATLAS Navigator!

Adversarial ML Threat Matrix - Table of Contents

  1. Adversarial ML 101
  2. Adversarial ML Threat Matrix
  3. Case Studies
  4. Contributors
  5. Feedback and Getting Involved
  6. Contact Us

The goal of this project is to position attacks on machine learning (ML) systems in an ATT&CK-style framework so that security analysts can orient themselves to these new and upcoming threats.

If you are new to how ML systems can be attacked, we suggest starting at this no-frills Adversarial ML 101 aimed at security analysts.

Or if you want to dive right in, head to Adversarial ML Threat Matrix.

Why Develop an Adversarial ML Threat Matrix?

Unlike traditional cybersecurity vulnerabilities that are tied to specific software and hardware systems, adversarial ML vulnerabilities are enabled by inherent limitations underlying ML algorithms. Data can be weaponized in new ways which requires an extension of how we model cyber adversary behavior, to reflect emerging threat vectors and the rapidly evolving adversarial machine learning attack lifecycle.

This threat matrix came out of partnership with 12 industry and academic research groups with the goal of empowering security analysts to orient themselves to these new and upcoming threats. The framework is seeded with a curated set of vulnerabilities and adversary behaviors that Microsoft and MITRE have vetted to be effective against production ML systems. We used ATT&CK as a template since security analysts are already familiar with using this type of matrix.

We recommend digging into Adversarial ML Threat Matrix.

To see the Matrix in action, we recommend seeing the curated case studies

alt text

Contributors

OrganizationContributors
MicrosoftRam Shankar Siva Kumar, Hyrum Anderson, Suzy Schapperle, Blake Strom, Madeline Carmichael, Matt Swann, Mark Russinovich, Nick Beede, Kathy Vu, Andi Comissioneru, Sharon Xia, Mario Goertzel, Jeffrey Snover, Derek Adam, Deepak Manohar, Bhairav Mehta, Peter Waxman, Abhishek Gupta, Ann Johnson, Andrew Paverd, Pete Bryan, Roberto Rodriguez, Will Pearce
MITREMikel Rodriguez, Christina Liaghati, Keith Manville, Michael Krumdick, Josh Harguess, Virginia Adams, Shiri Bendelac, Henry Conklin, Poomathi Duraisamy, David Giangrave, Emily Holt, Kyle Jackson, Nicole Lape, Sara Leary, Eliza Mace, Christopher Mobley, Savanna Smith, James Tanis, Michael Threet, David Willmes, Lily Wong
BoschManojkumar Parmar
IBMPin-Yu Chen
NVIDIADavid Reber Jr., Keith Kozo, Christopher Cottrell, Daniel Rohrer
AirbusAdam Wedgbury
PricewaterhouseCoopersMichael Montecillo
Deep InstinctNadav Maman, Shimon Noam Oren, Ishai Rosenberg
Two Six LabsDavid Slater
University of TorontoAdelin Travers, Jonas Guan, Nicolas Papernot
Cardiff UniversityPete Burnap
Software Engineering Institute/Carnegie Mellon UniversityNathan M. VanHoudnos
Berryville Institute of Machine LearningGary McGraw, Harold Figueroa, Victor Shepardson, Richie Bonett
Citadel AIKenny Song
McAfeeChristiaan Beek
UnaffiliatedKen Luu
Ant GroupHenry Xuef
Palo Alto NetworksMay Wang, Stefan Achleitner, Yu Fu, Ajaya Neupane, Lei Xu

Feedback and Getting Involved

The Adversarial ML Threat Matrix is a first-cut attempt at collating a knowledge base of how ML systems can be attacked. We need your help to make it holistic and fill in the missing gaps!

Corrections and Improvement

Contribute Case Studies

We are especially excited for new case-studies! We look forward to contributions from both industry and academic researchers. Before submitting a case-study, consider that the attack:

  1. Exploits one or more vulnerabilities that compromises the confidentiality, integrity or availability of ML system.
  2. The attack was against a production, commercial ML system. This can be on MLaaS like Amazon, Microsoft Azure, Google Cloud AI, IBM Watson etc or ML systems embedded in client/edge.
  3. You have permission to share the information/published this research. Please follow the proper channels before reporting a new attack and make sure you are practicing responsible disclosure.

You can email advmlthreatmatrix-core@googlegroups.com with summary of the incident and Adversarial ML Threat Matrix mapping.

Join our Mailing List

Contact Us

For corrections and improvement or to contribute a case study, see Feedback.