It’s time to power AI and ML for cybersecurity

Machine Learning


AI and machine learning are hot topics in the tech industry, especially with ChatGPT and other generative AI taking over the headlines. So it’s no surprise that AI and ML were a big deal at RSA Conference 2023.

One session, Hardening AI/ML Systems — The Next Frontier of Cybersecurity, featured a panel discussion on why now is the time to work on securing AI and ML from malicious actors. was broken.

Moderator Bryan Vorndran, Assistant Director of the FBI’s Cyber ​​Division, explained that the attack surface will increase as organizations integrate AI and ML into their core business functions. “Attacks can occur at any stage of the AI ​​and ML development and deployment cycle,” he said. “Models, training data, and APIs can all be targeted.”

One problem is that protecting AI and ML from attacks is not a top priority for development teams.

“It is very important that anyone considering internal development, procurement, or adoption of AI systems do so with an added layer of risk mitigation or risk management,” said a member of the Office of the Director of National Intelligence’s Mission Function. Chief Executive Bob Laughton said. .

Additionally, the security industry is trying to figure out how best to protect AI and ML.

Current attacks use low-level sophistication

Current AI adversarial attacks are not very complex, the panel agreed. Christina Liaghati, AI strategy execution and operations manager at Miter, and Neil Serebryany, CEO of CalypsoAI, say that most attacks today are little more than malicious actors poking AI and ML systems until they destroy them. explained.

For example, the State Administration of Taxation of China was attacked by malicious actors leveraging facial recognition models to steal nearly $77 million. Attackers used black-market high-resolution images of faces and AI to create videos that make pictures appear to flash and move to trick facial recognition software.

AI adversarial attacks will evolve, Liaghati warned. But with the consistently successful low-level attacks, attackers still have no reason to evolve. However, this will change as the cybersecurity industry begins to implement good AI security and assurance practices.

How to mitigate AI and ML attacks

Adversarial AI attacks cannot be completely prevented, but their impact can be mitigated. Serebryany first suggested using a simpler model. For example, if you can use a linear regression model in your neural network, do so. “The smaller the model, the smaller the attack surface. The smaller the attack surface, the easier it is to secure,” he said.

From there, organizations need to have data lineage and understand the data they’re using to train AI and ML models, said Serebryany. We also invest in tools and products to test and monitor AI and ML models as they are deployed into production.

According to Liaghati, mitigation and hardening techniques don’t even have to be sophisticated or separate from normal cybersecurity practices. I suggested thinking about the amount of information you have. By not revealing what she’s doing, she said, it makes it harder for malicious attackers to know how to attack her AI and ML models in the first place.

Early days of AI and ML attacks

The panel stresses that adversarial attacks by AI are just the beginning. “We are aware of the fact that there is a threat and we are seeing early incidents of it, but the threat is not yet in full swing,” Serebryany said. “We have a unique opportunity to get serious about building a culture of mitigation and understanding of the next generation of adversarial ML risk.”

Just as attackers are discovering ways to exploit AI and ML, organizations are discovering the pros and cons of using AI and ML in their day-to-day operations, and how to strengthen them. The panel recommended that organizations spend time learning and understanding potential cybersecurity issues in specific uses of technology, and define attitudes and solutions to address those issues.

The information security community also needs to be active, and this includes building partnerships. Lawton spoke about how the federal government and the intelligence community are working together on AI and ML cybersecurity. The goal is to build a network of developers and practitioners to build AI and ML security capabilities now, not later.

“We need to share ground truth about data, what is really happening, and tools and techniques that can be shared across the community to actually do something,” added Liaghati.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *