ETSI has recently released a report which summarizes and analyses existing and potential mitigation against threats for AI-based systems.
Setting a baseline for a common understanding of relevant AI cyber security threats and mitigations will be key for widespread deployment and acceptance of AI systems and applications. The report, ETSI GR SAI 005 sheds light on the available methods for securing AI-based systems by mitigating known or potential security threats identified in the recent ENISA threat landscape publication and ETSI GR SAI 004 Problem Statement Report.
It also addresses security capabilities, challenges, and limitations when adopting mitigation for AI-based systems in certain potential use cases.Artificial intelligence has been driven by the rapid progress of deep learning and its wide applications, such as image classification, object detection, speech recognition and language translation. Therefore, ETSI GR SAI 005 focuses on deep learning and explores the existing mitigating countermeasure attacks.
ETSI GR SAI 005 describes the workflow of machine learning models where the model life cycle includes both development and deployment stages. Based on this workflow, the report summarizes existing and potential mitigation approaches against training attacks (i.e. mitigations to protect the machine learning model from poisoning and backdoor attacks) and against inference attacks, including those from evasion, model stealing, and data extraction. Mitigation approaches are firstly summarized as model enhancement and model-agnostic, and then grouped by their rationales.
Due to the rapid evolvement of attack technology for AI-based systems, existing mitigations can become less effective over time, although their approaches and their rationales remain in place, said ETSI.
