Although cyberattacks on machine learning (ML) production systems can be harmful, today's security practitioners are ill-equipped, lacking the methodologies and tactical tools that would allow them to analyze the security risks of their ML-based systems. In this paper, we perform a comprehensive threat analysis of ML production systems. In this analysis, we follow the ontology presented by NIST for evaluating enterprise network security risk and apply it to ML-based production systems. Specifically, we (1) enumerate the assets of a typical ML production system, (2) describe the threat model (i.e., potential adversaries, their capabilities, and their main goal), (3) identify the various threats to ML systems, and (4) review a large number of attacks, demonstrated in previous studies, that can realize these threats. In addition, to quantify the risk of adversarial machine learning (AML) threats, we introduce a novel scoring system that assigns a severity score to different AML attacks. The proposed scoring system uses the analytic hierarchy process (AHP), with the assistance of security experts, to rank the various attributes of the attacks. Finally, we developed an extension to the MulVAL attack graph generation and analysis framework to incorporate cyberattacks on ML production systems. Using the extension, security practitioners can apply attack graph analysis methods in environments that include ML components, thus providing security practitioners with a methodological and practical tool for evaluating the impact and quantifying the risk of a cyberattack targeting an ML production system.
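The abstract describes a severity scoring system that uses the analytic hierarchy process (AHP) to weight attack attributes ranked by security experts. The following Python block is an added illustration of how such AHP weighting is computed and consistency-checked; it is not the paper's scoring system or its expert-derived weights. The criteria names, the pairwise judgements, and the attack ratings are constructed placeholders, and the consistency threshold of 0.10 is the conventional AHP rule of thumb rather than a value taken from the paper.

```python
"""Added example: AHP-style severity weighting for AML attack attributes.

Illustrative code written for this page, not the paper's scoring system.
Criteria, pairwise judgements and attack ratings are constructed placeholders.
"""
from math import prod

# Saaty's random consistency index by matrix order n (standard AHP table).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def ahp_weights(matrix):
    """Return (priority_vector, consistency_ratio) for a pairwise matrix.

    matrix[i][j] is the judged importance of criterion i over criterion j.
    Entries must be positive and reciprocal (matrix[j][i] == 1/matrix[i][j]),
    which also forces the diagonal to be 1.  Priorities come from the row
    geometric mean method, normalized to sum to 1.
    """
    n = len(matrix)
    if n not in RANDOM_INDEX:
        raise ValueError("supported matrix orders are 1..9")
    for i in range(n):
        if len(matrix[i]) != n:
            raise ValueError("pairwise matrix must be square")
        for j in range(n):
            if matrix[i][j] <= 0:
                raise ValueError("pairwise judgements must be positive")
            if abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError(f"entries ({i},{j}) and ({j},{i}) are not reciprocal")
    geo_means = [prod(row) ** (1.0 / n) for row in matrix]
    total = sum(geo_means)
    w = [g / total for g in geo_means]
    # Principal eigenvalue estimate: mean of (A w)_i / w_i over rows.
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    if n <= 2:
        return w, 0.0  # a 1x1 or 2x2 reciprocal matrix is always consistent
    ci = (lambda_max - n) / (n - 1)
    return w, ci / RANDOM_INDEX[n]


def severity_scores(weights, criteria, ratings, scale_max=5):
    """Map each attack's 1..scale_max ratings to a weighted 0..10 severity."""
    scores = {}
    for attack, r in ratings.items():
        if set(r) != set(criteria):
            raise ValueError(f"{attack}: ratings must cover exactly {criteria}")
        weighted = sum(w * r[c] for w, c in zip(weights, criteria))
        scores[attack] = round(weighted / scale_max * 10, 2)
    return scores


def rank_attacks(scores):
    """Attack names ordered from most to least severe."""
    return sorted(scores, key=scores.get, reverse=True)


# Constructed placeholder judgements and ratings (not from the paper).
CRITERIA = ["impact", "attacker_access", "reproducibility"]
PAIRWISE = [
    [1,   3,   5],    # impact judged 3x as important as access, 5x as reproducibility
    [1/3, 1,   3],
    [1/5, 1/3, 1],
]
RATINGS = {
    "attack_A": {"impact": 5, "attacker_access": 2, "reproducibility": 4},
    "attack_B": {"impact": 3, "attacker_access": 5, "reproducibility": 5},
    "attack_C": {"impact": 2, "attacker_access": 1, "reproducibility": 2},
}


def run(pairwise=PAIRWISE, ratings=RATINGS):
    """Weight the criteria, reject inconsistent judgements, score and rank."""
    w, cr = ahp_weights(pairwise)
    if cr >= 0.10:
        raise ValueError(f"expert judgements inconsistent (CR={cr:.3f} >= 0.10)")
    scores = severity_scores(w, CRITERIA, ratings)
    return w, cr, scores, rank_attacks(scores)


if __name__ == "__main__":
    weights, cr, scores, ranking = run()
    print("weights:", [round(x, 3) for x in weights], "CR:", round(cr, 3))
    for name in ranking:
        print(f"{name}: {scores[name]}")
```

The consistency ratio is the part practitioners most often skip: a set of expert judgements can be individually plausible yet cyclic (A over B, B over C, C over A), and the resulting weights are then meaningless. The `run` helper refuses to score attacks from such a matrix instead of silently producing a ranking.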