New attack methods are constantly emerging and need detailed study
NIST, May 19, 2021
As the artificial intelligence began to be used together practically in all spheres of human activity, the question of trust in it also became acute. This issue has been examined by the National Institute of Standards and Technology (NIST) in a new draft publication called “Artificial Intelligence and User Trust (NISTIR 8332).”
“Many factors get incorporated into our decisions about trust,” commented Brian Stanton, one of the publication’s authors. “It’s how the user thinks and feels about the system and perceives the risks involved in using it.”
The Daily Swig, May 24, 2021
A new slowdown adversarial attack dubbed DeepSloth has been developed by scientists at the University of Maryland, College Park. It is a DoS-style attack that can make ML systems slow to a crawl. The impact of an attack can affect server performance and cause critical application failures. By performing slight changes in the input data, the attack prevents multi-exit neural networks from making early exits thus significantly slowing down the entire system.
The new attack has recently been demonstrated at the International Conference on Learning Representations (ICLR). Such attacks require more careful study, since their successful application can lead to significant failures in the operation of an entire neural network.
The State of Security, May 20, 2021
MITRE Adversarial Tactics, Techniques and Common Knowledge, or MITRE ATT&CK for short, is a knowledge base of adversarial behavior consisting of real-life observation of APT campaigns.
The original goal of the project was to answer the question “How are we doing at detecting documented adversary behavior?” The project was launched in 2015 and has since expanded to include such domains as threat hunting, threat intelligence, risk management, incident response and others.
Among the main components of ATT&CK, or adversarial behaviors, there are structured tactics, techniques and other components. With the help of the framework, it is possible to perform such tasks as mapping between defensive controls and ATT&CK, solve threat hunting, incident response and threat intelligence issues.