Research and classification of the main types of attacks on artificial intelligence systems in cybersecurity
Abstract
The modern development of artificial intelligence (AI) and machine learning (ML) opens up new opportunities in cybersecurity, but at the same time creates serious challenges in the form of intelligent cyberattacks. The study is devoted to the analysis and classification of ways in which AI can be used for malicious purposes and to the study of effective methods of countering such threats. In particular, the article covers the main types of attacks that exploit ML technologies, demonstrating how attackers can manipulate machine learning algorithms, undermine trust in data, and bypass protection systems. Special attention is paid to data poisoning attacks, considered among the most influential in machine learning: they involve injecting malicious data into the model training process, which distorts results and undermines the effectiveness of security algorithms. Privacy attacks are analyzed as a way of extracting confidential information from ML models, which can be used to steal user data. Abuse attacks demonstrate how attackers can use AI tools to automate attacks, scale phishing campaigns, and analyze vulnerabilities in defense systems. The relevance of the study stems from the fact that traditional approaches to cyber defense can no longer effectively counter threats that adapt and evolve through machine learning. The article emphasizes the critical importance of researching defense methods, in particular building reliable machine learning systems with built-in mechanisms for detecting anomalies and adapting to new threats. One of the key approaches is federated learning, which allows models to be trained without centralized data storage, reducing the risk of information leakage. The development of deep learning in cyber defense is also considered, enabling real-time analysis of behavioral threat patterns.
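The poisoning mechanism described above can be made concrete with a small sketch (illustrative only, not taken from the article): an attacker injects mislabeled points into the training set of a toy nearest-centroid classifier, dragging one class centroid toward the opposite class and degrading accuracy. All names, distributions, and quantities here are assumptions chosen for the demonstration.

```python
# Illustrative sketch of a data poisoning (injection) attack against a
# minimal nearest-centroid classifier. All parameters are assumptions.
import random

random.seed(0)

def make_data(n=200):
    """Two 1-D clusters: class 0 around 0.0, class 1 around 5.0."""
    xs, ys = [], []
    for _ in range(n):
        y = random.randint(0, 1)
        xs.append(random.gauss(5.0 * y, 1.0))
        ys.append(y)
    return xs, ys

def train(xs, ys):
    """Fit one centroid per class (mean of that class's points)."""
    return {c: sum(x for x, y in zip(xs, ys) if y == c)
               / sum(1 for y in ys if y == c) for c in (0, 1)}

def accuracy(centroids, xs, ys):
    """Classify each point by the nearest centroid and score it."""
    hits = sum(min(centroids, key=lambda c: abs(x - centroids[c])) == y
               for x, y in zip(xs, ys))
    return hits / len(xs)

train_x, train_y = make_data()
test_x, test_y = make_data()
clean_acc = accuracy(train(train_x, train_y), test_x, test_y)

# Poisoning: inject points deep inside class 1's region but labeled as
# class 0, dragging the class-0 centroid toward class 1 and shifting
# the decision boundary into class 1's territory.
pois_x = train_x + [random.gauss(10.0, 0.5) for _ in range(80)]
pois_y = train_y + [0] * 80
pois_acc = accuracy(train(pois_x, pois_y), test_x, test_y)

print(f"clean accuracy:    {clean_acc:.2f}")
print(f"poisoned accuracy: {pois_acc:.2f}")
```

The sketch shows the core property the abstract highlights: the attacker never touches the model itself, only the training data, yet test-time behavior degrades.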
The combination of technological measures with human oversight remains an important aspect: despite the power of AI tools, the human factor remains key to ensuring cybersecurity. The article thus demonstrates the balance between the opportunities and threats of AI in cybersecurity, emphasizing the need for further research into resilient ML models that can effectively withstand attacks. Without proper regulation and control, AI can become not only a defender but also a tool for attackers, which requires the development of new security strategies and international regulation in the field of cybersecurity.
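As a minimal illustration of the federated learning idea mentioned in the abstract (an assumed toy setup, not the article's method): each client fits a one-parameter model on its own private data and shares only the fitted parameter, which the server averages. Raw samples never leave the clients, which is the privacy property federated learning is credited with.

```python
# Illustrative sketch of federated averaging for a one-parameter model
# y = w * x. Setup and numbers are assumptions for the demonstration.
import random

random.seed(1)
TRUE_W = 3.0

def local_data(n=50):
    """Private dataset held by one client: y = TRUE_W * x + noise."""
    xs = [random.uniform(-1, 1) for _ in range(n)]
    return [(x, TRUE_W * x + random.gauss(0, 0.1)) for x in xs]

def local_fit(data):
    """Closed-form least squares for w, computed on the client only."""
    num = sum(x * y for x, y in data)
    den = sum(x * x for x, _ in data)
    return num / den

clients = [local_data() for _ in range(10)]
local_ws = [local_fit(d) for d in clients]   # only these leave the clients
global_w = sum(local_ws) / len(local_ws)     # server-side aggregation

print(f"federated estimate of w: {global_w:.3f}")
```

The server sees ten scalars instead of five hundred raw samples, yet recovers a close estimate of the shared model parameter.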
References
Vassilev A., Oprea A., Fordyce A., Anderson H. (2024) Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. National Institute of Standards and Technology, Gaithersburg, MD. NIST Trustworthy and Responsible AI, NIST AI 100-2e2023. URL: https://doi.org/10.6028/NIST.AI.100-2e2023
Booth H., Souppaya M., Vassilev A., Ogata M., Stanley M., Scarfone K. (2024) Secure Development Practices for Generative AI and Dual-Use Foundation AI Models: An SSDF Community Profile. National Institute of Standards and Technology, Gaithersburg, MD. NIST Special Publication (SP) 800-218A. URL: https://doi.org/10.6028/NIST.SP.800-218A
Oprea A., Singhal A., Vassilev A. (2022) Poisoning Attacks Against Machine Learning: Can Machine Learning Be Trustworthy? Computer, vol. 55, no. 11, pp. 94–99. URL: https://doi.org/10.1109/MC.2022.3190787
Hui Wei, Hao Tang, Xuemei Jia, Zhixiang Wang, Hanxun Yu, Zhubo Li, Shin'ichi Satoh, Luc Van Gool, Zheng Wang. (2024) Physical Adversarial Attack Meets Computer Vision: A Decade Survey. IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 46, no. 12, pp. 9797–9817. URL: https://doi.org/10.48550/arXiv.2209.15179
Koundinya A., Patil S., Chandu B. (2024) Data Poisoning Attacks in Cognitive Computing. IEEE 9th International Conference for Convergence in Technology (I2CT), pp. 1–4. URL: https://doi.org/10.1109/I2CT61223.2024.10544345
National Institute of Standards and Technology. (2023) Artificial Intelligence Risk Management Framework (AI RMF 1.0). URL: https://doi.org/10.6028/NIST.AI.100-1
Biggio B., Roli F. (2018) Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recognition, 84:317–331. URL: https://doi.org/10.48550/arXiv.1712.03141
Octavian Suciu, Radu Marginean, Yigitcan Kaya, Hal Daume III, and Tudor Dumitras. (2018) When does machine learning FAIL? Generalized transferability for evasion and poisoning attacks. In 27th USENIX Security Symposium (USENIX Security 18), pp. 1299–1316. URL: https://www.usenix.org/conference/usenixsecurity18/presentation/suciu
Biggio B., Nelson B., Laskov P. (2012) Poisoning attacks against support vector machines. In Proceedings of the 29th International Conference on International Conference on Machine Learning, ICML, URL: https://doi.org/10.48550/arXiv.1206.6389
Yingqi Liu, Shiqing Ma, Yousra Aafer, Wen-Chuan Lee, Juan Zhai, Weihang Wang, and Xiangyu Zhang. (2018) Trojaning attack on neural networks. In NDSS. The Internet Society, URL: https://dx.doi.org/10.14722/ndss.2018.23291
Kairouz P., McMahan H. B., Avent B., Bellet A., Bennis M., Bhagoji A. N., Bonawitz K., Charles Z., Cormode G., et al. (2021) Advances and Open Problems in Federated Learning. Foundations and Trends in Machine Learning, 14(1–2). ISSN 1935-8237. URL: https://doi.org/10.1561/2200000083
Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, Rob Fergus. (2014) Intriguing properties of neural networks. In International Conference on Learning Representations, URL: https://doi.org/10.48550/arXiv.1312.6199
Ian Goodfellow, Jonathon Shlens, Christian Szegedy. (2015) Explaining and harnessing adversarial examples. In International Conference on Learning Representations, URL: https://doi.org/10.48550/arXiv.1412.6572
Nicholas Carlini, Chang Liu, Ulfar Erlingsson, Jernej Kos, Dawn Song. (2019) The Secret Sharer: Evaluating and testing unintended memorization in neural networks. In USENIX Security Symposium (USENIX Security 19), pages 267–284. URL: https://arxiv.org/abs/1802.08232
Nicholas Carlini, Florian Tramer, Eric Wallace, Matthew Jagielski, Ariel Herbert-Voss, Katherine Lee, Adam Roberts, Tom Brown, Dawn Song, Ulfar Erlingsson, Alina Oprea, Colin Raffel. (2021) Extracting training data from large language models. In 30th USENIX Security Symposium (USENIX Security 21), pages 2633–2650. USENIX Association. URL: https://doi.org/10.48550/arXiv.2012.07805
Karan Ganju, Qi Wang, Wei Yang, Carl A. Gunter, and Nikita Borisov. (2018) Property inference attacks on fully connected neural networks using permutation invariant representations. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS ’18, page 619–633, New York, NY, USA. Association for Computing Machinery. URL: https://doi.org/10.1145/3243734.3243834
Nihad Hassan. (2024) What is data poisoning (AI poisoning) and how does it work? Search Enterprise AI, TechTarget. URL: https://www.techtarget.com/searchenterpriseai/definition/data-poisoning-AI-poisoning
Ilias Diakonikolas, Gautam Kamath, Daniel Kane, Jerry Li, Jacob Steinhardt, and Alistair Stewart. (2019) Sever: A robust meta-algorithm for stochastic optimization. In International Conference on Machine Learning, pages 1596–1606. PMLR, URL: https://doi.org/10.48550/arXiv.1803.02815
Elan Rosenfeld, Ezra Winston, Pradeep Ravikumar, and Zico Kolter. (2020) Certified robustness to label-flipping attacks via randomized smoothing. In International Conference on Machine Learning, pages 8230–8241. PMLR. URL: https://doi.org/10.48550/arXiv.2002.03018
HiddenLayer. (2022) The Tactics & Techniques of Adversarial Machine Learning. URL: https://hiddenlayer.com/innovation-hub/the-tactics-and-techniques-of-adversarial-ml
Chi Zhang, Zifan Wang, Ravi Mangal, Matt Fredrikson, Limin Jia, Corina Pasareanu. (2023) Transfer Attacks and Defenses for Large Language Models on Coding Tasks. URL: https://doi.org/10.48550/arXiv.2311.13445
Li D., Li Q. (2023) Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection. IEEE Transactions on Information Forensics and Security. URL: https://doi.org/10.48550/arXiv.2006.16545
Vassilev A., Oprea A., Fordyce A., Anderson H. (2025) Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. National Institute of Standards and Technology, Gaithersburg, MD. NIST Trustworthy and Responsible AI, NIST AI 100-2e2025. URL: https://doi.org/10.6028/NIST.AI.100-2e2025

This work is licensed under a Creative Commons Attribution 4.0 International License.